[Resolved] mirar toolbar removal - Help please.


14 replies to this topic

#1 slimmie

  • New Member
  • 10 posts

Posted 07 October 2007 - 12:36 PM

I have somehow ended up with the mirar toolbar. Need some help removing it and whatever else I may have lurking deep in my registry. I know enough to be dangerous, so I'd appreciate it if someone who knows what they are doing could help me out. Here is a Hijackthis log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 2:28:50 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\cisvc.exe
F:\WINDOWS\VGltbQ\command.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
F:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
F:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
F:\WINDOWS\Explorer.EXE
C:\Program Files\dvd43\dvd43_tray.exe
F:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
F:\WINDOWS\tsitra11.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
F:\Program Files\WinAble\winable.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
F:\DOCUME~1\Timm\LOCALS~1\Temp\MirarPrefetchor.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Timm\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {47D67917-B6D3-BD01-A83B-EF2B58E382BA} - F:\WINDOWS\system32\snyvuut.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [runner1] F:\WINDOWS\tsitra11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A284661A64DB7
8F5287E55E246220D9E728F86C07B5670CA39576CAC59B6
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinAble] F:\Program Files\WinAble\winable.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by133w.bay133...es/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189473934234
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Command Service (cmdService) - Unknown owner - F:\WINDOWS\VGltbQ\command.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


#2 __RiP_ChAiN_

  • GeekU Teacher
  • Authentic Member
  • 142 posts

Posted 07 October 2007 - 09:45 PM

Hello slimmie,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install in those systems.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

  • Open HijackThis, click Config, click Misc Tools.
  • Click "Open Uninstall Manager".
  • Click "Save List" (generates uninstall_list.txt).
  • Click Save, copy and paste the results in your next post.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

#3 slimmie

  • New Member
  • 10 posts

Posted 08 October 2007 - 05:14 PM

Ok, old Java stuff is gone. New Java is installed.

Here is the Hijackthis Uninstall log:

1Click DVD Copy 5.3.1.6
Ad-aware 6 Personal
Adobe Acrobat 5.0
Adobe Download Manager (Remove Only)
Adobe Flash Player ActiveX
Bazooka Scanner
BCM V.92 56K Modem
BroadJump Client Foundation
CCleaner (remove only)
Charter High Speed Internet Self-Installation Wizard
Command
Dell ResourceCD
Digital Line Detect
DVD43 v3.9.0
HijackThis 1.99.1
HP Photo and Imaging 2.0 - Photosmart Printer Series
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
Java™ 6 Update 3
LimeWire 4.14.8
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
Microsoft XML Parser and SDK
Mirar
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MUSICMATCH® Jukebox
MySpaceIM
Nero Suite
Network Monitor
Norton AntiVirus 2002
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
OIN
Outerinfo
Palm Desktop
Photodex Presenter
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Picasa 2
Pop-Up Stopper Free Edition
PowerQuest PartitionMagic 8.0
ProShow Gold
QuickTime
Registry Mechanic
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Shockwave
Sony USB Driver
Sound Blaster Live!
Spybot - Search & Destroy 1.2
SpywareBlaster v3.5.1
TSA
URGE
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Service Pack 2
Yahoo! Toolbar



Here is the combofix log:

ComboFix 07-10-07.2 - Timm 2007-10-08 18:25:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.96 [GMT -4:00]
Running from: F:\Documents and Settings\Timm\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Documents and Settings\Jessica\Application Data\STEM32~1
F:\Documents and Settings\Jessica\Application Data\WinTouch
F:\Documents and Settings\Jessica\Application Data\WinTouch\config.cfg.d9bacd987c58773e5e85a075cef6fe2c
F:\Documents and Settings\Jessica\Application Data\WinTouch\wintouch.cfg
F:\Documents and Settings\Jessica\Application Data\WinTouch\WinTouch.exe
F:\Documents and Settings\Jessica\Application Data\WinTouch\WTUninstaller.exe
F:\Documents and Settings\Jessica\My Documents\MBOLS~1
F:\Documents and Settings\Jessica\My Documents\MBOLS~1\?hkdsk.exe
F:\Documents and Settings\Jessica\Start Menu\Programs\Outerinfo
F:\Documents and Settings\Jessica\Start Menu\Programs\Outerinfo\Terms.lnk
F:\Documents and Settings\Jessica\Start Menu\Programs\Outerinfo\Uninstall.lnk
F:\Documents and Settings\Timm\My Documents\ICROSO~1.NET
F:\Documents and Settings\Timm\My Documents\MCROSO~1
F:\onoes.exe
F:\Program Files\delfin
F:\Program Files\inetget2
F:\Program Files\outerinfo
F:\Program Files\outerinfo\Terms.rtf
F:\Program Files\WinAble
F:\Program Files\WinAble\winable.exe
F:\Program Files\Words
F:\Program Files\Words\list.txt
F:\Program Files\Words\UnInstall.exe
F:\Program Files\Words\Words.exe
F:\WINDOWS\b103.exe
F:\WINDOWS\b104.exe
F:\WINDOWS\b111.exe
F:\WINDOWS\b122.exe
F:\WINDOWS\b128.exe
F:\WINDOWS\b138.exe
F:\WINDOWS\b143.exe
F:\WINDOWS\b147.exe
F:\WINDOWS\b999.exe
F:\WINDOWS\mcroso~1.net
F:\WINDOWS\pppatc~1
F:\WINDOWS\pppatc~1\?ppPatch\
F:\WINDOWS\pppatc~1\logonui.exe
F:\WINDOWS\system32\atmtd.dll
F:\WINDOWS\system32\atmtd.dll._
F:\WINDOWS\system32\bszip.dll
F:\WINDOWS\system32\cmd.com
F:\WINDOWS\system32\netstat.com
F:\WINDOWS\system32\ping.com
F:\WINDOWS\system32\regedit.com
F:\WINDOWS\system32\snyvuut.dll
F:\WINDOWS\system32\svcp.csv
F:\WINDOWS\system32\taskkill.com
F:\WINDOWS\system32\tasklist.com
F:\WINDOWS\system32\tracert.com
F:\WINDOWS\system32\tsuninst.exe
F:\WINDOWS\system32\version69ie7fix.dll
F:\WINDOWS\system32\winnb58.dll
F:\WINDOWS\system32\winsub.xml
F:\WINDOWS\system32\wnsintisv32.exe
F:\WINDOWS\uninstall_nmon.vbs
F:\WINDOWS\VGltbQ\asappsrv.dll
F:\WINDOWS\VGltbQ\command.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
.

2007-10-08 18:24 51,200 --a------ F:\WINDOWS\NirCmd.exe
2007-10-07 11:36 <DIR> d-------- F:\Program Files\Temporary
2007-10-06 14:30 <DIR> d-------- F:\Program Files\Bazooka Scanner
2007-10-06 08:04 <DIR> d-------- F:\Program Files\MTV Networks
2007-10-06 00:36 6,400 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\splitter.sys
2007-10-06 00:35 539,136 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\msftedit.dll
2007-10-06 00:16 6,058,496 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-10-06 00:16 52,224 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-10-06 00:16 459,264 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-10-06 00:16 383,488 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-10-06 00:16 267,776 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-10-06 00:16 2,455,488 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2007-10-06 00:16 13,824 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-10-06 00:14 <DIR> d-------- F:\9e6c56b35e4743da6ed39e42f523e2
2007-10-05 23:40 <DIR> d-------- F:\WINDOWS\ServicePackFiles
2007-10-05 22:54 77,312 --a------ F:\WINDOWS\SYSTEM32\browser.dll
2007-10-05 22:54 614,912 --a------ F:\WINDOWS\SYSTEM32\h323msp.dll
2007-10-05 22:54 40,960 --a------ F:\WINDOWS\SYSTEM32\mf3216.dll
2007-10-05 22:54 40,960 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\evtgprov.dll
2007-10-05 22:54 331,264 --a------ F:\WINDOWS\SYSTEM32\ipnathlp.dll
2007-10-05 22:53 66,560 --a------ F:\WINDOWS\SYSTEM32\mtxclu.dll
2007-10-05 22:53 581,120 --a------ F:\WINDOWS\SYSTEM32\rpcrt4.dll
2007-10-05 22:53 397,824 --a------ F:\WINDOWS\SYSTEM32\rpcss.dll
2007-10-05 22:53 243,200 --a------ F:\WINDOWS\SYSTEM32\es.dll
2007-10-05 22:53 101,376 --a------ F:\WINDOWS\SYSTEM32\txflog.dll
2007-10-05 22:53 1,285,120 --a------ F:\WINDOWS\SYSTEM32\ole32.dll
2007-10-05 22:49 239,104 --a------ F:\WINDOWS\SYSTEM32\srrstr.dll
2007-10-05 22:38 18,944 --a------ F:\WINDOWS\SYSTEM32\qmgrprxy.dll
2007-10-05 21:01 5,632 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_adsiisex.dll
2007-10-05 21:01 2,134,528 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpsnap.dll
2007-10-05 21:01 175,104 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpadm.dll
2007-10-05 21:00 170,496 --a------ F:\WINDOWS\SYSTEM32\LXCASUI.DLL
2007-10-05 20:55 52,864 --a------ F:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys
2007-10-05 20:49 57,472 --a------ F:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2007-10-05 20:45 40,840 --a------ F:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2007-10-05 20:43 74,752 --a------ F:\WINDOWS\SYSTEM32\storprop.dll
2007-10-05 20:43 24,661 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\spxcoins.dll
2007-10-05 20:43 24,661 --a------ F:\WINDOWS\SYSTEM32\spxcoins.dll
2007-10-05 20:43 13,312 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\irclass.dll
2007-10-05 20:43 13,312 --a------ F:\WINDOWS\SYSTEM32\irclass.dll
2007-10-05 20:43 11,264 --a------ F:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys
2007-10-02 16:03 35,840 -ra------ F:\WINDOWS\tsitra11.exe
2007-10-01 19:22 <DIR> d-------- F:\WINDOWS\kifz
2007-10-01 15:52 <DIR> d--hs---- F:\WINDOWS\VGltbQ
2007-10-01 15:52 <DIR> d-------- F:\Documents and Settings\LocalService\Application Data\NetMon
2007-10-01 15:52 <DIR> d-------- F:\Documents and Settings\LocalService\Application Data\NetMon
2007-10-01 15:52 <DIR> d-------- F:\Documents and Settings\LocalService\Application Data\NetMon
2007-09-29 14:17 <DIR> d-------- F:\House Stuff
2007-09-16 12:13 <DIR> d-------- F:\Incomplete
2007-09-16 12:06 <DIR> d-------- F:\Program Files\LimeWire
2007-09-11 08:05 271,224 --a------ F:\WINDOWS\SYSTEM32\mucltui.dll
2007-09-10 21:04 <DIR> d-------- F:\Documents and Settings\Jessica\Application Data\OfficeUpdate12
2007-09-10 21:03 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-09-09 16:57 65,536 --a------ F:\WINDOWS\SYSTEM32\A3d.dll
2007-09-09 16:57 61,440 --a------ F:\WINDOWS\MIDIDEF.EXE
2007-09-09 16:57 39,936 -ra------ F:\WINDOWS\SYSTEM32\P16X.dll
2007-09-09 16:57 33,792 -ra------ F:\WINDOWS\SYSTEM32\P16Xres.dll
2007-09-09 16:57 24,576 --a------ F:\WINDOWS\MIXERDEF.EXE
2007-09-09 16:57 1,293,440 -ra------ F:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-05 22:02 --------- d-------- F:\Documents and Settings\Timm\Application Data\MSN6
2007-10-05 21:26 --------- d--h----- F:\Program Files\InstallShield Installation Information
2007-09-10 22:36 --------- d-------- F:\Program Files\Windows Media Connect 2
2007-09-04 17:00 --------- d-------- F:\Program Files\eMule
2007-08-21 21:49 --------- d-------- F:\Documents and Settings\All Users\Application Data\1Click DVD Copy
2007-08-21 18:47 --------- d-------- F:\Documents and Settings\Timm\Application Data\1clickdvdcopy
2007-08-19 19:04 --------- d-------- F:\Program Files\1Click DVD Copy 5
2007-08-19 19:00 --------- d-------- F:\Documents and Settings\All Users\Application Data\vsosdk
2007-08-19 18:16 --------- d-------- F:\Documents and Settings\Timm\Application Data\Vso
2007-08-19 18:13 87608 --a------ F:\Documents and Settings\Timm\Application Data\ezpinst.exe
2007-08-19 18:13 47360 --a------ F:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-19 18:13 47360 --a------ F:\Documents and Settings\Timm\Application Data\pcouffin.sys
2007-08-15 11:45 524288 --a------ F:\WINDOWS\opuc.dll
2007-08-13 18:54 413696 --a------ F:\WINDOWS\SYSTEM32\vbscript.dll
2007-08-13 18:54 156160 --a------ F:\WINDOWS\SYSTEM32\msls31.dll
2007-08-13 18:45 78336 --a------ F:\WINDOWS\SYSTEM32\ieencode.dll
2007-08-13 18:44 40960 --a------ F:\WINDOWS\SYSTEM32\licmgr10.dll
2007-08-13 18:39 71680 --a------ F:\WINDOWS\SYSTEM32\admparse.dll
2007-08-13 18:39 55296 --a------ F:\WINDOWS\SYSTEM32\iesetup.dll
2007-08-13 18:36 36352 --a------ F:\WINDOWS\SYSTEM32\imgutil.dll
2007-08-13 18:32 45568 --a------ F:\WINDOWS\SYSTEM32\mshta.exe
2007-08-13 18:01 48128 --a------ F:\WINDOWS\SYSTEM32\mshtmler.dll
2007-08-10 17:46 --------- d-------- F:\Documents and Settings\Timm\Application Data\BitTorrent
2007-08-10 17:25 --------- d-------- F:\Program Files\BitTorrent
2007-07-30 19:19 92504 --a------ F:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19 549720 --a------ F:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19 53080 --a------ F:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19 43352 --a------ F:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19 325976 --a------ F:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19 203096 --a------ F:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19 1712984 --a------ F:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:18 33624 --a------ F:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 19:18 207736 --a------ F:\WINDOWS\SYSTEM32\muweb.dll
2007-07-23 16:08 737280 --a------ F:\WINDOWS\iun6002.exe
2007-05-27 04:50 1547 --a------ F:\Program Files\plugin.inf
2007-05-27 04:49 181968 --a------ F:\Program Files\addrmap.dat
2005-10-27 16:36 13569536 --a--c--- F:\Program Files\Adobe Premiere Elements 2.0.msi
2004-02-03 19:04 560 --a------ F:\Documents and Settings\Timm\PCDOC.BAT
2005-07-29 20:24:26 472 --sha-r F:\WINDOWS\VGltbQ\p35Qvk.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= F:\WINDOWS\system32\version69ie7fix.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 13:26]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 F:\WINDOWS\BCMSMMSG.exe]
"nwiz"="nwiz.exe" [2003-10-06 15:16 F:\WINDOWS\SYSTEM32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-26 21:02]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 10:40]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"NvMediaCenter"=RUNDLL32.EXE F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - F:\Program Files\Digital Line Detect\DLG.exe [2002-11-12 21:00:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
"C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
C:\WINDOWS\System32\hphmon04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
"C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
C:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDRealtime]
C:\WINDOWS\realtime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

R1 cdrbsvsd;cdrbsvsd;F:\WINDOWS\system32\drivers\cdrbsvsd.sys
S2 RZFTWGSH;RZFTWGSH;\??\C:\WINDOWS\system32\rzftwgsh.nkt
S3 BCMModem;BCM V.92 56K Modem;F:\WINDOWS\system32\DRIVERS\BCMSM.sys
S3 Dot4 HPH11;Dot4 HPH11;F:\WINDOWS\system32\DRIVERS\hphid411.sys
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11;F:\WINDOWS\system32\DRIVERS\hphipr11.sys
S3 Dot4Usb HPH11;Dot4Usb HPH11;F:\WINDOWS\system32\drivers\hphius11.sys
S3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\System32\drivers\NMSCFG.SYS
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe
S4 hpt3xx;hpt3xx;F:\WINDOWS\system32\DRIVERS\hpt3xx.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80ee6c1e-ec5f-11db-ad22-806d6172696f}]
play\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

.
Contents of the 'Scheduled Tasks' folder
"2007-10-08 20:08:00 F:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 18:37:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 18:59:44 - machine was rebooted
F:\ComboFix-quarantined-files.txt ... 2007-10-08 18:59
.
--- E O F ---


And the new Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:06:34 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
F:\WINDOWS\Explorer.EXE
C:\Program Files\dvd43\dvd43_tray.exe
F:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
F:\WINDOWS\system32\taskmgr.exe
F:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
F:\Documents and Settings\Timm\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by133w.bay133...es/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189473934234
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe



Hope this helps. Thanks.

#4 __RiP_ChAiN_

Posted 08 October 2007 - 10:27 PM

Hello slimmie,

Using Add Or Remove Programs, remove the following entries (if present): (To get into Add Or Remove Programs, press the START button > Control Panel > Add Or Remove Programs.)

Command
LimeWire 4.14.8
Mirar
Network Monitor
OIN
Outerinfo


A. Please RUN HijackThis
B. 1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\rzftwgsh.nkt
F:\WINDOWS\tsitra11.exe

Folder::
F:\WINDOWS\kifz
F:\WINDOWS\VGltbQ
F:\Documents and Settings\LocalService\Application Data\NetMon
F:\Incomplete
F:\Program Files\LimeWire
F:\Program Files\eMule

Driver::
RZFTWGSH



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#5 slimmie

Posted 09 October 2007 - 04:54 PM

ComboFix Log

ComboFix 07-10-07.2 - Timm 2007-10-09 18:35:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.88 [GMT -4:00]
Running from: F:\Documents and Settings\Timm\Desktop\ComboFix.exe
Command switches used :: F:\Documents and Settings\Timm\Desktop\CFscript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\rzftwgsh.nkt
F:\WINDOWS\tsitra11.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Documents and Settings\LocalService\Application Data\NetMon
F:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
F:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
F:\Incomplete
F:\Incomplete\downloads.bak
F:\Incomplete\downloads.dat
F:\Incomplete\T-186308-Tiger Lilly.mp3
F:\Incomplete\T-3454143-deb talan - two points.mp3
F:\Incomplete\T-3488791-Matchbook Romance - Midnight.mp3
F:\Incomplete\T-3892067-Matchbook Romance - Monsters.mp3
F:\Incomplete\T-3930399-Deb Talan - Comfort.mp3
F:\Incomplete\T-4568141-Deb Talan - 05 - My Favorite Coat.wma
F:\Incomplete\T-4845529-Deb Talan - 09 - Wild Horse.wma
F:\Incomplete\T-5176605-Deb Talan - 07 - Thanksgiving.wma
F:\Incomplete\T-5279860-Deb_Talan-Ashes_on_Your_Eyes-11.wma
F:\Incomplete\T-6333462-David Gray - Be Mine.mp3
F:\Incomplete\T-6590389-Deb Talan - 03 - The Gladdest Thing.wma
F:\Incomplete\T-6702378-secondhand serenade-i hate this song.mp3
F:\Program Files\eMule
F:\Program Files\eMule\Temp1.part
F:\Program Files\eMule\Temp1.part.met
F:\Program Files\eMule\Temp1.part.met.bak
F:\Program Files\eMule\Temp2.part
F:\Program Files\eMule\Temp2.part.met
F:\Program Files\eMule\Temp2.part.met.bak
F:\WINDOWS\kifz
F:\WINDOWS\kifz\wu
F:\WINDOWS\tsitra11.exe
F:\WINDOWS\VGltbQ
F:\WINDOWS\VGltbQ\p35Qvk.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_RZFTWGSH
-------\RZFTWGSH


((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.

2007-10-08 18:24 51,200 --a------ F:\WINDOWS\NirCmd.exe
2007-10-07 11:36 <DIR> d-------- F:\Program Files\Temporary
2007-10-06 14:30 <DIR> d-------- F:\Program Files\Bazooka Scanner
2007-10-06 08:04 <DIR> d-------- F:\Program Files\MTV Networks
2007-10-06 00:36 6,400 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\splitter.sys
2007-10-06 00:35 539,136 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\msftedit.dll
2007-10-06 00:16 6,058,496 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-10-06 00:16 52,224 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-10-06 00:16 459,264 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-10-06 00:16 383,488 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-10-06 00:16 267,776 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-10-06 00:16 2,455,488 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2007-10-06 00:16 13,824 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-10-06 00:14 <DIR> d-------- F:\9e6c56b35e4743da6ed39e42f523e2
2007-10-05 23:40 <DIR> d-------- F:\WINDOWS\ServicePackFiles
2007-10-05 22:54 77,312 --a------ F:\WINDOWS\SYSTEM32\browser.dll
2007-10-05 22:54 614,912 --a------ F:\WINDOWS\SYSTEM32\h323msp.dll
2007-10-05 22:54 40,960 --a------ F:\WINDOWS\SYSTEM32\mf3216.dll
2007-10-05 22:54 40,960 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\evtgprov.dll
2007-10-05 22:54 331,264 --a------ F:\WINDOWS\SYSTEM32\ipnathlp.dll
2007-10-05 22:53 66,560 --a------ F:\WINDOWS\SYSTEM32\mtxclu.dll
2007-10-05 22:53 581,120 --a------ F:\WINDOWS\SYSTEM32\rpcrt4.dll
2007-10-05 22:53 397,824 --a------ F:\WINDOWS\SYSTEM32\rpcss.dll
2007-10-05 22:53 243,200 --a------ F:\WINDOWS\SYSTEM32\es.dll
2007-10-05 22:53 101,376 --a------ F:\WINDOWS\SYSTEM32\txflog.dll
2007-10-05 22:53 1,285,120 --a------ F:\WINDOWS\SYSTEM32\ole32.dll
2007-10-05 22:49 239,104 --a------ F:\WINDOWS\SYSTEM32\srrstr.dll
2007-10-05 22:38 18,944 --a------ F:\WINDOWS\SYSTEM32\qmgrprxy.dll
2007-10-05 21:01 5,632 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_adsiisex.dll
2007-10-05 21:01 2,134,528 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpsnap.dll
2007-10-05 21:01 175,104 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpadm.dll
2007-10-05 21:00 170,496 --a------ F:\WINDOWS\SYSTEM32\LXCASUI.DLL
2007-10-05 20:55 52,864 --a------ F:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys
2007-10-05 20:49 57,472 --a------ F:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2007-10-05 20:45 40,840 --a------ F:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2007-10-05 20:43 74,752 --a------ F:\WINDOWS\SYSTEM32\storprop.dll
2007-10-05 20:43 24,661 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\spxcoins.dll
2007-10-05 20:43 24,661 --a------ F:\WINDOWS\SYSTEM32\spxcoins.dll
2007-10-05 20:43 13,312 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\irclass.dll
2007-10-05 20:43 13,312 --a------ F:\WINDOWS\SYSTEM32\irclass.dll
2007-10-05 20:43 11,264 --a------ F:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys
2007-09-29 14:17 <DIR> d-------- F:\House Stuff
2007-09-11 08:05 271,224 --a------ F:\WINDOWS\SYSTEM32\mucltui.dll
2007-09-10 21:04 <DIR> d-------- F:\Documents and Settings\Jessica\Application Data\OfficeUpdate12
2007-09-10 21:03 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-09-09 16:57 65,536 --a------ F:\WINDOWS\SYSTEM32\A3d.dll
2007-09-09 16:57 61,440 --a------ F:\WINDOWS\MIDIDEF.EXE
2007-09-09 16:57 39,936 -ra------ F:\WINDOWS\SYSTEM32\P16X.dll
2007-09-09 16:57 33,792 -ra------ F:\WINDOWS\SYSTEM32\P16Xres.dll
2007-09-09 16:57 24,576 --a------ F:\WINDOWS\MIXERDEF.EXE
2007-09-09 16:57 1,293,440 -ra------ F:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-05 22:02 --------- d-------- F:\Documents and Settings\Timm\Application Data\MSN6
2007-10-05 21:26 --------- d--h----- F:\Program Files\InstallShield Installation Information
2007-09-10 22:36 --------- d-------- F:\Program Files\Windows Media Connect 2
2007-08-21 21:49 --------- d-------- F:\Documents and Settings\All Users\Application Data\1Click DVD Copy
2007-08-21 18:47 --------- d-------- F:\Documents and Settings\Timm\Application Data\1clickdvdcopy
2007-08-19 19:04 --------- d-------- F:\Program Files\1Click DVD Copy 5
2007-08-19 19:00 --------- d-------- F:\Documents and Settings\All Users\Application Data\vsosdk
2007-08-19 18:16 --------- d-------- F:\Documents and Settings\Timm\Application Data\Vso
2007-08-19 18:13 87608 --a------ F:\Documents and Settings\Timm\Application Data\ezpinst.exe
2007-08-19 18:13 47360 --a------ F:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-19 18:13 47360 --a------ F:\Documents and Settings\Timm\Application Data\pcouffin.sys
2007-08-15 11:45 524288 --a------ F:\WINDOWS\opuc.dll
2007-08-13 18:54 413696 --a------ F:\WINDOWS\SYSTEM32\vbscript.dll
2007-08-13 18:54 156160 --a------ F:\WINDOWS\SYSTEM32\msls31.dll
2007-08-13 18:45 78336 --a------ F:\WINDOWS\SYSTEM32\ieencode.dll
2007-08-13 18:44 40960 --a------ F:\WINDOWS\SYSTEM32\licmgr10.dll
2007-08-13 18:39 71680 --a------ F:\WINDOWS\SYSTEM32\admparse.dll
2007-08-13 18:39 55296 --a------ F:\WINDOWS\SYSTEM32\iesetup.dll
2007-08-13 18:36 36352 --a------ F:\WINDOWS\SYSTEM32\imgutil.dll
2007-08-13 18:32 45568 --a------ F:\WINDOWS\SYSTEM32\mshta.exe
2007-08-13 18:01 48128 --a------ F:\WINDOWS\SYSTEM32\mshtmler.dll
2007-08-10 17:46 --------- d-------- F:\Documents and Settings\Timm\Application Data\BitTorrent
2007-08-10 17:25 --------- d-------- F:\Program Files\BitTorrent
2007-07-30 19:19 92504 --a------ F:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19 549720 --a------ F:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19 53080 --a------ F:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19 43352 --a------ F:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19 325976 --a------ F:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19 203096 --a------ F:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19 1712984 --a------ F:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:18 33624 --a------ F:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 19:18 207736 --a------ F:\WINDOWS\SYSTEM32\muweb.dll
2007-07-23 16:08 737280 --a------ F:\WINDOWS\iun6002.exe
2007-05-27 04:50 1547 --a------ F:\Program Files\plugin.inf
2007-05-27 04:49 181968 --a------ F:\Program Files\addrmap.dat
2005-10-27 16:36 13569536 --a--c--- F:\Program Files\Adobe Premiere Elements 2.0.msi
2004-02-03 19:04 560 --a------ F:\Documents and Settings\Timm\PCDOC.BAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= F:\WINDOWS\system32\version69ie7fix.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 13:26]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 F:\WINDOWS\BCMSMMSG.exe]
"nwiz"="nwiz.exe" [2003-10-06 15:16 F:\WINDOWS\SYSTEM32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-26 21:02]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 10:40]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"NvMediaCenter"=RUNDLL32.EXE F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

F:\Documents and Settings\Jessica\Start Menu\Programs\Startup\
HotSync Manager.lnk - F:\Program Files\Sony Handheld\HOTSYNC.EXE [2002-08-09 17:36:20]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - F:\Program Files\Digital Line Detect\DLG.exe [2002-11-12 21:00:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
"C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
C:\WINDOWS\System32\hphmon04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
"C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
C:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDRealtime]
C:\WINDOWS\realtime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

R1 cdrbsvsd;cdrbsvsd;F:\WINDOWS\system32\drivers\cdrbsvsd.sys
S3 BCMModem;BCM V.92 56K Modem;F:\WINDOWS\system32\DRIVERS\BCMSM.sys
S3 Dot4 HPH11;Dot4 HPH11;F:\WINDOWS\system32\DRIVERS\hphid411.sys
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11;F:\WINDOWS\system32\DRIVERS\hphipr11.sys
S3 Dot4Usb HPH11;Dot4Usb HPH11;F:\WINDOWS\system32\drivers\hphius11.sys
S3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\System32\drivers\NMSCFG.SYS
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe
S4 hpt3xx;hpt3xx;F:\WINDOWS\system32\DRIVERS\hpt3xx.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80ee6c1e-ec5f-11db-ad22-806d6172696f}]
play\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 20:08:00 F:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 18:40:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 18:44:09 - machine was rebooted
F:\ComboFix-quarantined-files.txt ... 2007-10-09 18:44
F:\ComboFix2.txt ... 2007-10-08 18:59
.
--- E O F ---



Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 6:45:32 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
F:\WINDOWS\Explorer.EXE
C:\Program Files\dvd43\dvd43_tray.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
F:\WINDOWS\system32\notepad.exe
F:\Documents and Settings\Timm\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by133w.bay133...es/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189473934234
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
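
Added example (not part of the original thread and not any poster's code): a short Python script that parses HijackThis entry lines and diffs a before and after log, to confirm which entries a cleanup removed and which orphaned "(no file)" / "(file missing)" entries are still listed. The sample lines are a constructed excerpt copied from the two HijackThis logs in this thread; the function names are hypothetical.

```python
import re

# Constructed excerpt: a handful of entry lines copied from the HijackThis log
# posted before the ComboFix run in this thread.
BEFORE = r"""
Running processes:
F:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
"""

# Constructed excerpt: the same entries as they appear in the log posted
# after the ComboFix run.
AFTER = r"""
Running processes:
F:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
"""

# An entry line starts with a section code (R0, O2, O15, O23, ...) and " - ".
# Process paths and header lines do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")

# HijackThis marks entries whose target is gone with one of these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log as (code, detail) tuples."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("detail").strip()))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs, in log order."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    removed = [entry for entry in before if entry not in after_set]
    added = [entry for entry in after if entry not in before_set]
    return removed, added


def orphaned(log_text):
    """Return entries that still point at a missing file."""
    return [entry for entry in parse_entries(log_text) if ORPHAN_RE.search(entry[1])]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed by cleanup:")
    for code, detail in removed:
        print(f"  {code} - {detail}")
    print("New since cleanup:")
    for code, detail in added:
        print(f"  {code} - {detail}")
    print("Orphaned entries still listed:")
    for code, detail in orphaned(AFTER):
        print(f"  {code} - {detail}")
```
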

#6 __RiP_ChAiN_

Posted 09 October 2007 - 10:33 PM

Hello slimmie,

Your logs are looking good, how is your computer running?

#7 slimmie

Posted 10 October 2007 - 06:33 PM

Seems to be doing fine. And no sign of the annoying toolbars or pop-ups. Thanks, I really appreciate all your help. :thumbup:

#8 __RiP_ChAiN_

Posted 11 October 2007 - 10:19 AM

Hello slimmie,

Let's do one last virus scan to make sure that we got everything, since this was a pretty infected computer.

Let's run an F-Secure online scan for Viruses, Spyware and RootKits:
  • Go to http://support.f-sec.../home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient


#9 slimmie

Posted 11 October 2007 - 07:45 PM

Ok, here you go. The F-secure Log..........

Scanning Report
Thursday, October 11, 2007 17:55:58 - 21:42:54
Computer name: CAPPELLS
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ F:\
--------------------------------------------------------------------------------
Result: 117 malware found

Adware.Mirar (spyware)
  • System (Disinfected)
Backdoor.Win32.EggDrop.v (virus)
  • C:\ONOES.EXE (Renamed & Submitted)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP40\A0007053.EXE (Renamed & Submitted)
Possible Browser Hijack attempt (spyware)
  • System (Disinfected)
Targetsaver (spyware)
  • System (Disinfected)
Tracking Cookie (spyware)
  • System (Disinfected)
  System System System System System System System System System
  System System System System System System System System System
  System System System System System System System System System
  System System System System System System System System System
  System System System System System System System System System
  System System System System System System System System System
  System System System System System System System System System
  System System System System System System System System System
  System System System System System System System System System
Trojan-Downloader.Win32.Adload.lv (virus)
  • C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP97\A0019484.EXE (Renamed & Submitted)
  • C:\PROGRAM FILES\WINABLE\WINABLE.EXE (Renamed & Submitted)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP40\A0007035.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Agent.buo (virus)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP40\A0007039.EXE (Renamed)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP40\A0007118.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Agent.cbx (virus)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP40\A0007026.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Agent.dlx (virus)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP40\A0007027.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Agent.dpn (virus)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP40\A0007024.EXE (Renamed & Submitted)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP29\A0006348.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Agent.duy (virus)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP28\A0006323.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Agent.dve (virus)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP41\A0007142.EXE (Renamed & Submitted)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP30\A0006360.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.PurityScan.dx (virus)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP40\A0007036.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.PurityScan.eg (virus)
  • C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP95\A0019420.EXE (Renamed)
Trojan-Downloader.Win32.PurityScan.eh (virus)
  • C:\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.TSUpdate.f (virus)
  • C:\PROGRAM FILES\COMMON FILES\KIFZ\KIFZP.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.TSUpdate.l (virus)
  • C:\PROGRAM FILES\COMMON FILES\KIFZ\KIFZA.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.TSUpdate.n (virus)
  • C:\PROGRAM FILES\COMMON FILES\KIFZ\KIFZM.EXE
Trojan-Downloader.Win32.TSUpdate.p (virus)
  • C:\PROGRAM FILES\COMMON FILES\KIFZ\KIFZL.EXE (Renamed & Submitted)
Trojan.Win32.Agent.bnd (virus)
  • C:\PROGRAM FILES\INSIDER\INSIDER.EXE (Renamed & Submitted)
  • C:\PROGRAM FILES\INSIDER\UNINSTALL.EXE (Renamed & Submitted)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP40\A0007028.EXE (Renamed & Submitted)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP40\A0007033.EXE (Renamed & Submitted)
Trojan.Win32.Agent.bqn (virus)
  • C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP97\A0019483.EXE (Renamed & Submitted)
  • C:\PROGRAM FILES\TEMPORARY\WININSTALL.EXE (Renamed & Submitted)
W32/DLoader.BFLL.dropper (virus)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP40\A0007021.EXE
W32/NetMon.C (virus)
  • C:\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE (Submitted)
W32/PurityScan.BGU.dropper (virus)
  • C:\PROGRAM FILES\OUTERINFO\OIUNINSTALLER.EXE (Submitted)
W32/VBWorm.MYT (virus)
  • C:\WINDOWS\SYSTEM32\BSZIP.DLL (Submitted)
  • F:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP40\A0007042.DLL (Submitted)
--------------------------------------------------------------------------------
Statistics
Scanned:
  • Files: 104996
  • System: 4975
  • Not scanned: 3
Actions:
  • Disinfected: 4
  • Renamed: 26
  • Deleted: 0
  • None: 87
  • Submitted: 28
Files not scanned:
  • F:\PAGEFILE.SYS
  • F:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  • F:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{1DA7D1B0-808F-46B7-ACED-D596B0D9F521}.BIN
--------------------------------------------------------------------------------
Options
Scanning engines:
  • F-Secure Libra: 2.4.2, 2007-10-10
  • F-Secure AVP: 7.0.171, 2007-10-11
  • F-Secure Orion: 1.2.37, 2007-10-11
  • F-Secure Blacklight: 1.0.64
  • F-Secure Draco: 1.0.35, 0597-150-72
  • F-Secure Pegasus: 1.19.0, 2007-09-11
Scanning options:
  • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
  • Use Advanced heuristics

#10 __RiP_ChAiN_


Posted 12 October 2007 - 10:52 AM

Hello slimmie,

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\SYSTEM32\BSZIP.DLL
Folder::
C:\PROGRAM FILES\COMMON FILES\KIFZ
C:\PROGRAM FILES\INSIDER
C:\PROGRAM FILES\TEMPORARY
C:\PROGRAM FILES\NETWORK MONITOR
C:\PROGRAM FILES\OUTERINFO



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#11 slimmie


Posted 13 October 2007 - 10:49 AM

Ok, here you go.

Combofix Log

ComboFix 07-10-07.2 - Timm 2007-10-13 12:38:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.88 [GMT -4:00]
Running from: F:\Documents and Settings\Timm\Desktop\ComboFix.exe
Command switches used :: F:\Documents and Settings\Timm\Desktop\CFscript.txt
* Created a new restore point

FILE::
C:\WINDOWS\SYSTEM32\BSZIP.DLL
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRAM FILES\COMMON FILES\KIFZ
C:\PROGRAM FILES\COMMON FILES\KIFZ\KIFZA.0XE
C:\PROGRAM FILES\COMMON FILES\KIFZ\kifzd\class-barrel
C:\PROGRAM FILES\COMMON FILES\KIFZ\kifzd\kifzc.dll
C:\PROGRAM FILES\COMMON FILES\KIFZ\kifzd\vocabulary
C:\PROGRAM FILES\COMMON FILES\KIFZ\KIFZL.0XE
C:\PROGRAM FILES\COMMON FILES\KIFZ\KIFZP.0XE
C:\PROGRAM FILES\INSIDER
C:\PROGRAM FILES\INSIDER\INSIDER.0XE
C:\PROGRAM FILES\INSIDER\UNINSTALL.0XE
C:\PROGRAM FILES\NETWORK MONITOR
C:\PROGRAM FILES\NETWORK MONITOR\netmon.exe
C:\PROGRAM FILES\OUTERINFO
C:\PROGRAM FILES\OUTERINFO\OiUninstaller.exe
C:\PROGRAM FILES\OUTERINFO\outerinfo.ico
C:\PROGRAM FILES\OUTERINFO\Terms.rtf
C:\PROGRAM FILES\TEMPORARY
C:\PROGRAM FILES\TEMPORARY\WININSTALL.0XE
C:\WINDOWS\SYSTEM32\BSZIP.DLL

.
((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
.

2007-10-09 18:52 582,656 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2007-10-08 18:24 51,200 --a------ F:\WINDOWS\NirCmd.exe
2007-10-07 11:36 <DIR> d-------- F:\Program Files\Temporary
2007-10-06 14:30 <DIR> d-------- F:\Program Files\Bazooka Scanner
2007-10-06 08:04 <DIR> d-------- F:\Program Files\MTV Networks
2007-10-06 00:36 6,400 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\splitter.sys
2007-10-06 00:35 539,136 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\msftedit.dll
2007-10-06 00:16 6,058,496 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-10-06 00:16 52,224 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-10-06 00:16 459,264 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-10-06 00:16 383,488 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-10-06 00:16 267,776 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-10-06 00:16 2,455,488 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2007-10-06 00:16 13,824 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-10-06 00:14 <DIR> d-------- F:\9e6c56b35e4743da6ed39e42f523e2
2007-10-05 23:40 <DIR> d-------- F:\WINDOWS\ServicePackFiles
2007-10-05 22:54 77,312 --a------ F:\WINDOWS\SYSTEM32\browser.dll
2007-10-05 22:54 614,912 --a------ F:\WINDOWS\SYSTEM32\h323msp.dll
2007-10-05 22:54 40,960 --a------ F:\WINDOWS\SYSTEM32\mf3216.dll
2007-10-05 22:54 40,960 -----c--- F:\WINDOWS\SYSTEM32\DLLCACHE\evtgprov.dll
2007-10-05 22:54 331,264 --a------ F:\WINDOWS\SYSTEM32\ipnathlp.dll
2007-10-05 22:53 66,560 --a------ F:\WINDOWS\SYSTEM32\mtxclu.dll
2007-10-05 22:53 582,656 --a------ F:\WINDOWS\SYSTEM32\rpcrt4.dll
2007-10-05 22:53 397,824 --a------ F:\WINDOWS\SYSTEM32\rpcss.dll
2007-10-05 22:53 243,200 --a------ F:\WINDOWS\SYSTEM32\es.dll
2007-10-05 22:53 101,376 --a------ F:\WINDOWS\SYSTEM32\txflog.dll
2007-10-05 22:53 1,285,120 --a------ F:\WINDOWS\SYSTEM32\ole32.dll
2007-10-05 22:49 239,104 --a------ F:\WINDOWS\SYSTEM32\srrstr.dll
2007-10-05 22:38 18,944 --a------ F:\WINDOWS\SYSTEM32\qmgrprxy.dll
2007-10-05 21:01 5,632 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_adsiisex.dll
2007-10-05 21:01 2,134,528 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpsnap.dll
2007-10-05 21:01 175,104 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpadm.dll
2007-10-05 21:00 170,496 --a------ F:\WINDOWS\SYSTEM32\LXCASUI.DLL
2007-10-05 20:55 52,864 --a------ F:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys
2007-10-05 20:49 57,472 --a------ F:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2007-10-05 20:45 40,840 --a------ F:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2007-10-05 20:43 74,752 --a------ F:\WINDOWS\SYSTEM32\storprop.dll
2007-10-05 20:43 24,661 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\spxcoins.dll
2007-10-05 20:43 24,661 --a------ F:\WINDOWS\SYSTEM32\spxcoins.dll
2007-10-05 20:43 13,312 --a--c--- F:\WINDOWS\SYSTEM32\DLLCACHE\irclass.dll
2007-10-05 20:43 13,312 --a------ F:\WINDOWS\SYSTEM32\irclass.dll
2007-10-05 20:43 11,264 --a------ F:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys
2007-09-29 14:17 <DIR> d-------- F:\House Stuff

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-05 22:02 --------- d-------- F:\Documents and Settings\Timm\Application Data\MSN6
2007-10-05 21:26 --------- d--h----- F:\Program Files\InstallShield Installation Information
2007-09-10 22:36 --------- d-------- F:\Program Files\Windows Media Connect 2
2007-09-10 21:14 --------- d-------- F:\Documents and Settings\Jessica\Application Data\OfficeUpdate12
2007-09-10 21:03 --------- d-------- F:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-08-21 21:49 --------- d-------- F:\Documents and Settings\All Users\Application Data\1Click DVD Copy
2007-08-21 18:47 --------- d-------- F:\Documents and Settings\Timm\Application Data\1clickdvdcopy
2007-08-21 02:15 683520 --a------ F:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-19 19:04 --------- d-------- F:\Program Files\1Click DVD Copy 5
2007-08-19 19:00 --------- d-------- F:\Documents and Settings\All Users\Application Data\vsosdk
2007-08-19 18:16 --------- d-------- F:\Documents and Settings\Timm\Application Data\Vso
2007-08-19 18:13 87608 --a------ F:\Documents and Settings\Timm\Application Data\ezpinst.exe
2007-08-19 18:13 47360 --a------ F:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-19 18:13 47360 --a------ F:\Documents and Settings\Timm\Application Data\pcouffin.sys
2007-08-15 11:45 524288 --a------ F:\WINDOWS\opuc.dll
2007-08-13 18:54 413696 --a------ F:\WINDOWS\SYSTEM32\vbscript.dll
2007-08-13 18:54 156160 --a------ F:\WINDOWS\SYSTEM32\msls31.dll
2007-08-13 18:45 78336 --a------ F:\WINDOWS\SYSTEM32\ieencode.dll
2007-08-13 18:44 40960 --a------ F:\WINDOWS\SYSTEM32\licmgr10.dll
2007-08-13 18:39 71680 --a------ F:\WINDOWS\SYSTEM32\admparse.dll
2007-08-13 18:39 55296 --a------ F:\WINDOWS\SYSTEM32\iesetup.dll
2007-08-13 18:36 36352 --a------ F:\WINDOWS\SYSTEM32\imgutil.dll
2007-08-13 18:32 45568 --a------ F:\WINDOWS\SYSTEM32\mshta.exe
2007-08-13 18:01 48128 --a------ F:\WINDOWS\SYSTEM32\mshtmler.dll
2007-07-30 19:19 92504 --a------ F:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19 549720 --a------ F:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19 53080 --a------ F:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19 43352 --a------ F:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19 325976 --a------ F:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19 271224 --a------ F:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 19:19 203096 --a------ F:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19 1712984 --a------ F:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:18 33624 --a------ F:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 19:18 207736 --a------ F:\WINDOWS\SYSTEM32\muweb.dll
2007-07-23 16:08 737280 --a------ F:\WINDOWS\iun6002.exe
2007-05-27 04:50 1547 --a------ F:\Program Files\plugin.inf
2007-05-27 04:49 181968 --a------ F:\Program Files\addrmap.dat
2005-10-27 16:36 13569536 --a--c--- F:\Program Files\Adobe Premiere Elements 2.0.msi
2004-02-03 19:04 560 --a------ F:\Documents and Settings\Timm\PCDOC.BAT
.

((((((((((((((((((((((((((((( snapshot@2007-10-08_18.38.24.43 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2007-03-06 01:22:36 F:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 F:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 F:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 F:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 F:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 F:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 F:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 F:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
----a-w 683,520 2007-08-21 06:25:02 F:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 F:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 F:\WINDOWS\$hf_mig$\KB941202\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 F:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
-c----w 581,120 2004-08-04 07:56:44 F:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 248,320 2007-03-09 11:28:00 F:\WINDOWS\$NtUninstallKB933729$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 F:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 F:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
-c----w 683,520 2007-05-16 15:12:02 F:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:41 F:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 F:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
----a-w 500,120 2007-05-07 20:38:46 F:\WINDOWS\Downloaded Program Files\daas_s.dll
----a-w 192,920 2007-05-07 20:39:00 F:\WINDOWS\Downloaded Program Files\fsauc.dll
----a-w 254,360 2007-05-07 20:39:24 F:\WINDOWS\Downloaded Program Files\fscax.dll
-c----w 124,928 2007-06-27 14:34:51 F:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
-c----w 214,528 2007-08-13 22:35:38 F:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
-c----w 132,608 2007-06-27 14:34:51 F:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
-c----w 61,952 2007-08-13 22:36:26 F:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
-c----w 63,488 2007-06-27 08:27:04 F:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
-c----w 153,088 2007-06-27 14:34:51 F:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
-c----w 230,400 2007-06-27 14:34:51 F:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
-c----w 161,792 2007-06-27 07:00:33 F:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 F:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
-c----w 384,512 2007-06-27 14:34:51 F:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 F:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
-c----w 44,544 2007-06-27 14:34:55 F:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 F:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 F:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
-c----w 625,152 2007-06-27 08:27:30 F:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
-c----w 27,648 2007-06-27 14:34:56 F:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 F:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 F:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
-c----w 3,583,488 2007-07-19 04:00:00 F:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
-c----w 477,696 2007-06-27 14:34:57 F:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
-c----w 193,024 2007-06-27 14:34:58 F:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
-c----w 671,232 2007-06-27 14:34:58 F:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
-c----w 102,400 2007-06-27 14:34:58 F:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
-c----w 105,984 2007-06-27 14:34:58 F:\WINDOWS\ie7updates\KB939653-IE7\url.dll
-c----w 1,152,000 2007-06-27 14:34:58 F:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
-c----w 232,960 2007-06-27 14:34:59 F:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
-c----w 823,808 2007-06-27 14:34:59 F:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 213,216 2007-03-06 01:22:41 F:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 F:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
----a-r 167,936 2007-10-09 23:08:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
----a-r 34,304 2007-10-09 23:08:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
----a-r 8,192 2007-10-09 23:08:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
----a-r 3,584 2007-10-09 23:08:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
----a-r 114,688 2007-10-09 23:08:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
----a-r 16,384 2007-10-09 23:08:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
----a-r 30,720 2007-10-09 23:08:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
----a-r 22,528 2007-10-09 23:08:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
----a-r 45,056 2007-10-09 23:08:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
----a-r 90,112 2007-10-09 23:08:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
----a-w 14,048 2005-10-12 23:12:25 F:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 F:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 F:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 F:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 F:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 F:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 F:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 F:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 F:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieudinit.exe
----a-w 625,152 2007-08-17 10:21:21 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iexplore.exe
----a-w 27,648 2007-08-20 10:04:39 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\jsproxy.dll
----a-w 459,264 2007-08-20 10:04:39 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\occache.dll
----a-w 105,984 2007-08-20 10:04:42 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\wininet.dll
----a-w 124,928 2007-08-20 10:02:09 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\occache.dll
----a-w 105,984 2007-08-20 10:02:11 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 F:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 F:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 F:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 F:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 F:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 F:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 F:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 F:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
----a-w 124,928 2007-08-20 10:04:34 F:\WINDOWS\SYSTEM32\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 F:\WINDOWS\SYSTEM32\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 F:\WINDOWS\SYSTEM32\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 F:\WINDOWS\SYSTEM32\icardie.dll
------w 63,488 2007-08-17 10:20:54 F:\WINDOWS\SYSTEM32\ie4uinit.exe
------w 153,088 2007-08-20 10:04:34 F:\WINDOWS\SYSTEM32\ieakeng.dll
------w 230,400 2007-08-20 10:04:35 F:\WINDOWS\SYSTEM32\ieaksie.dll
------w 161,792 2007-08-17 07:34:25 F:\WINDOWS\SYSTEM32\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 F:\WINDOWS\SYSTEM32\ieapfltr.dll
------w 384,512 2007-08-20 10:04:35 F:\WINDOWS\SYSTEM32\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 F:\WINDOWS\SYSTEM32\ieframe.dll
------w 44,544 2007-08-20 10:04:38 F:\WINDOWS\SYSTEM32\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 F:\WINDOWS\SYSTEM32\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 F:\WINDOWS\SYSTEM32\ieudinit.exe
------w 27,648 2007-08-20 10:04:39 F:\WINDOWS\SYSTEM32\jsproxy.dll
----a-w 18,089,592 2007-09-28 05:19:39 F:\WINDOWS\SYSTEM32\MRT.exe
----a-w 459,264 2007-08-20 10:04:39 F:\WINDOWS\SYSTEM32\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 F:\WINDOWS\SYSTEM32\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 F:\WINDOWS\SYSTEM32\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 F:\WINDOWS\SYSTEM32\mshtmled.dll
------w 193,024 2007-08-20 10:04:41 F:\WINDOWS\SYSTEM32\msrating.dll
------w 671,232 2007-08-20 10:04:42 F:\WINDOWS\SYSTEM32\mstime.dll
------w 102,400 2007-08-20 10:04:42 F:\WINDOWS\SYSTEM32\occache.dll
----a-w 105,984 2007-08-20 10:04:42 F:\WINDOWS\SYSTEM32\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 F:\WINDOWS\SYSTEM32\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 F:\WINDOWS\SYSTEM32\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 F:\WINDOWS\SYSTEM32\wininet.dll
----a-w 350,720 2007-06-19 07:24:36 F:\WINDOWS\SYSTEM32\xpsp3res.dll
-c----w 124,928 2007-08-20 10:04:34 F:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
-c----w 214,528 2007-08-20 10:04:34 F:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
-c----w 132,608 2007-08-20 10:04:34 F:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
-c----w 63,488 2007-08-20 10:04:34 F:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
-c----w 63,488 2007-08-17 10:20:54 F:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
-c----w 153,088 2007-08-20 10:04:34 F:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
-c----w 230,400 2007-08-20 10:04:35 F:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
-c----w 161,792 2007-08-17 07:34:25 F:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
-c----w 384,512 2007-08-20 10:04:35 F:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
-c----w 44,544 2007-08-20 10:04:38 F:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
-c--a-w 625,152 2007-08-17 10:21:21 F:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
-c--a-w 683,520 2007-08-21 06:15:44 F:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
-c----w 27,648 2007-08-20 10:04:39 F:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
-c----w 3,584,512 2007-08-20 10:04:41 F:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
-c----w 477,696 2007-08-20 10:04:41 F:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
-c----w 193,024 2007-08-20 10:04:41 F:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
-c----w 671,232 2007-08-20 10:04:42 F:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
-c----w 102,400 2007-08-20 10:04:42 F:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
-c----w 105,984 2007-08-20 10:04:42 F:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
-c----w 1,152,000 2007-08-20 10:04:42 F:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
-c----w 232,960 2007-08-20 10:04:42 F:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
-c----w 824,832 2007-08-20 10:04:43 F:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
.
----a-r 167,936 2007-09-11 21:10:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
----a-r 34,304 2007-09-11 21:10:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
----a-r 8,192 2007-09-11 21:10:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
----a-r 3,584 2007-09-11 21:10:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
----a-r 114,688 2007-09-11 21:10:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
----a-r 16,384 2007-09-11 21:10:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
----a-r 30,720 2007-09-11 21:10:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
----a-r 22,528 2007-09-11 21:10:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
----a-r 45,056 2007-09-11 21:10:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
----a-r 90,112 2007-09-11 21:10:32 F:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
----a-w 124,928 2007-06-27 14:34:51 F:\WINDOWS\SYSTEM32\advpack.dll
----a-w 214,528 2007-08-13 22:35:38 F:\WINDOWS\SYSTEM32\dxtrans.dll
----a-w 132,608 2007-06-27 14:34:51 F:\WINDOWS\SYSTEM32\extmgr.dll
----a-w 61,952 2007-08-13 22:36:26 F:\WINDOWS\SYSTEM32\icardie.dll
------w 63,488 2007-06-27 08:27:04 F:\WINDOWS\SYSTEM32\ie4uinit.exe
------w 153,088 2007-06-27 14:34:51 F:\WINDOWS\SYSTEM32\ieakeng.dll
------w 230,400 2007-06-27 14:34:51 F:\WINDOWS\SYSTEM32\ieaksie.dll
------w 161,792 2007-06-27 07:00:33 F:\WINDOWS\SYSTEM32\ieakui.dll
----a-w 383,488 2007-06-27 14:34:51 F:\WINDOWS\SYSTEM32\ieapfltr.dll
------w 384,512 2007-06-27 14:34:51 F:\WINDOWS\SYSTEM32\iedkcs32.dll
----a-w 6,058,496 2007-06-27 14:34:55 F:\WINDOWS\SYSTEM32\ieframe.dll
------w 44,544 2007-06-27 14:34:55 F:\WINDOWS\SYSTEM32\iernonce.dll
----a-w 267,776 2007-06-27 14:34:55 F:\WINDOWS\SYSTEM32\iertutil.dll
----a-w 13,824 2007-06-27 08:27:05 F:\WINDOWS\SYSTEM32\ieudinit.exe
------w 27,648 2007-06-27 14:34:56 F:\WINDOWS\SYSTEM32\jsproxy.dll
----a-w 17,474,680 2007-09-06 02:50:42 F:\WINDOWS\SYSTEM32\MRT.exe
----a-w 459,264 2007-06-27 14:34:56 F:\WINDOWS\SYSTEM32\msfeeds.dll
----a-w 52,224 2007-06-27 14:34:56 F:\WINDOWS\SYSTEM32\msfeedsbs.dll
----a-w 3,583,488 2007-07-19 04:00:00 F:\WINDOWS\SYSTEM32\mshtml.dll
----a-w 477,696 2007-06-27 14:34:57 F:\WINDOWS\SYSTEM32\mshtmled.dll
------w 193,024 2007-06-27 14:34:58 F:\WINDOWS\SYSTEM32\msrating.dll
------w 671,232 2007-06-27 14:34:58 F:\WINDOWS\SYSTEM32\mstime.dll
------w 102,400 2007-06-27 14:34:58 F:\WINDOWS\SYSTEM32\occache.dll
----a-w 105,984 2007-06-27 14:34:58 F:\WINDOWS\SYSTEM32\url.dll
----a-w 1,152,000 2007-06-27 14:34:58 F:\WINDOWS\SYSTEM32\urlmon.dll
----a-w 232,960 2007-06-27 14:34:59 F:\WINDOWS\SYSTEM32\webcheck.dll
----a-w 823,808 2007-06-27 14:34:59 F:\WINDOWS\SYSTEM32\wininet.dll
----a-w 248,320 2007-03-09 11:28:00 F:\WINDOWS\SYSTEM32\xpsp3res.dll
-c----w 124,928 2007-06-27 14:34:51 F:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
-c----w 214,528 2007-08-13 22:35:38 F:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
-c----w 132,608 2007-06-27 14:34:51 F:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
-c----w 63,488 2007-06-27 08:27:04 F:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
-c----w 153,088 2007-06-27 14:34:51 F:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
-c----w 230,400 2007-06-27 14:34:51 F:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
-c----w 161,792 2007-06-27 07:00:33 F:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
-c----w 384,512 2007-06-27 14:34:51 F:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
-c----w 44,544 2007-06-27 14:34:55 F:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
-c--a-w 625,152 2007-06-27 08:27:30 F:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
-c--a-w 683,520 2007-05-16 15:12:02 F:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
-c----w 27,648 2007-06-27 14:34:56 F:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
-c----w 3,583,488 2007-07-19 04:00:00 F:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
-c----w 477,696 2007-06-27 14:34:57 F:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
-c----w 193,024 2007-06-27 14:34:58 F:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
-c----w 671,232 2007-06-27 14:34:58 F:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
-c----w 102,400 2007-06-27 14:34:58 F:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
-c----w 105,984 2007-06-27 14:34:58 F:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
-c----w 1,152,000 2007-06-27 14:34:58 F:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
-c----w 232,960 2007-06-27 14:34:59 F:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
-c----w 823,808 2007-06-27 14:34:59 F:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 13:26]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 F:\WINDOWS\BCMSMMSG.exe]
"nwiz"="nwiz.exe" [2003-10-06 15:16 F:\WINDOWS\SYSTEM32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-26 21:02]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 10:40]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"NvMediaCenter"=RUNDLL32.EXE F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

F:\Documents and Settings\Jessica\Start Menu\Programs\Startup\
HotSync Manager.lnk - F:\Program Files\Sony Handheld\HOTSYNC.EXE [2002-08-09 17:36:20]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - F:\Program Files\Digital Line Detect\DLG.exe [2002-11-12 21:00:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
"C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
C:\WINDOWS\System32\hphmon04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
"C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
C:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDRealtime]
C:\WINDOWS\realtime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

R1 cdrbsvsd;cdrbsvsd;F:\WINDOWS\system32\drivers\cdrbsvsd.sys
S3 BCMModem;BCM V.92 56K Modem;F:\WINDOWS\system32\DRIVERS\BCMSM.sys
S3 Dot4 HPH11;Dot4 HPH11;F:\WINDOWS\system32\DRIVERS\hphid411.sys
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11;F:\WINDOWS\system32\DRIVERS\hphipr11.sys
S3 Dot4Usb HPH11;Dot4Usb HPH11;F:\WINDOWS\system32\drivers\hphius11.sys
S3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\System32\drivers\NMSCFG.SYS
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe
S4 hpt3xx;hpt3xx;F:\WINDOWS\system32\DRIVERS\hpt3xx.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80ee6c1e-ec5f-11db-ad22-806d6172696f}]
play\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

.
Contents of the 'Scheduled Tasks' folder
"2007-10-13 16:08:00 F:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 12:43:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-13 12:45:44 - machine was rebooted
F:\ComboFix-quarantined-files.txt ... 2007-10-13 12:45
F:\ComboFix2.txt ... 2007-10-09 18:44
F:\ComboFix3.txt ... 2007-10-08 18:59
.
--- E O F ---


And the Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 12:48:47 PM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\dvd43\dvd43_tray.exe
F:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Timm\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by133w.bay133...es/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189473934234
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

#12 __RiP_ChAiN_


Posted 13 October 2007 - 11:37 AM

Hello slimmie,

Now your computer appears to be fully cleaned of malware. Is your computer still running well?

#13 slimmie


Posted 13 October 2007 - 01:15 PM

Yeah, seems fine. Thanks. Are there any programs that I should be running periodically to keep my computer cleaned off? I run Spybot & Adaware pretty often & take care of the registry & temp files using c-cleaner & Registry mechanic. Any other suggestions? And is it safe to assume that I should stay away from Limewire? Any suggestions for a replacement?

#14 __RiP_ChAiN_


Posted 13 October 2007 - 01:26 PM

Hello slimmie,

"And is it safe to assume that I should stay away from Limewire? Any suggestions for a replacement?"

I would advise staying away from it, yes. I can't and won't help you find a replacement for it per forum rules.

Please delete the following folder:

C:\Qoobox

Go ahead and delete any tools we may have used in the fix process.

Congratulations, your computer is now clean of malware!

Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software
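
The Internet zone settings listed in the post above are stored as per-zone registry values, so they can be checked after the clicks are done. The following is an added example, not part of the original thread: it audits a `reg export` of the current user's Internet zone key against the six values the post recommends. The URL action codes and their value meanings (0 Enable, 1 Prompt, 3 Disable) come from Microsoft's security zone documentation rather than from the post, and the export text is constructed sample data.

```python
import re

# Internet zone (zone 3) URL action codes for the six settings named in the
# post, paired with the value the post recommends.
# Action values: 0 = Enable, 1 = Prompt, 3 = Disable.
PROMPT, DISABLE = 1, 3
BASELINE = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}
LABELS = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE3 = r"Internet Settings\Zones\3"

# Constructed sample: a `reg export` of the Zones key with two weak values
# (1004, 1607) and one value (1800) not present in the export.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
@=""
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1607"=dword:00000000
"1804"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
'''


def parse_zone_actions(reg_text, zone_suffix=ZONE3):
    """Return {action_code: int} for DWORD values under the key ending in zone_suffix."""
    actions, in_zone = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new key header: only collect values while inside the wanted zone.
            in_zone = line[1:-1].lower().endswith(zone_suffix.lower())
            continue
        m = re.fullmatch(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})', line)
        if in_zone and m:
            actions[m.group(1).upper()] = int(m.group(2), 16)
    return actions


def audit(reg_text):
    """Compare exported zone 3 values with the baseline; return one finding per setting."""
    actions = parse_zone_actions(reg_text)
    findings = []
    for code, (name, wanted) in BASELINE.items():
        actual = actions.get(code)
        if actual is None:
            status = "MISSING"      # not set in this export
        elif actual == wanted:
            status = "OK"
        else:
            # Lower numbers are more permissive (Enable < Prompt < Disable).
            status = "WEAK" if actual < wanted else "STRICTER"
        findings.append((code, name, status, LABELS.get(actual, actual), LABELS[wanted]))
    return findings


if __name__ == "__main__":
    for code, name, status, actual, wanted in audit(SAMPLE_EXPORT):
        print(f"{status:8} {code} {name}: is {actual}, post recommends {wanted}")
```

To run it against a real machine, export the key with `reg export` and pass the decoded file contents to `audit()`; exports are normally UTF-16 encoded.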


#15 __RiP_ChAiN_


Posted 21 October 2007 - 12:56 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.