
Still Infected with Browser Hijacks and Pop-Ups


13 replies to this topic

#1 mtnbay

mtnbay

  • Members
  • 13 posts

Posted 02 January 2009 - 02:47 PM

Here is what I come up with when I run a scan. Any and all help would be greatly appreciated. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:55 AM, on 1/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F92E9705-546D-4BD2-A451-9EE8B6B1B679} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} -
O20 - Winlogon Notify: jkkll - C:\WINDOWS\system32\jkkll.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10653 bytes



#2 bamajim

bamajim

  • Members
  • 894 posts

Posted 08 January 2009 - 10:26 AM

mtnbay

1. Go HERE and download File Lister. Save it to your Desktop.
Rt Click ->> Extract all ->> And extract it to your Desktop.
Additional help on extracting zip files can be found HERE.
Open the File Lister folder.
Rt Click FileLister.vbe ->> Select Open, then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you: C:\Files.txt
Copy and paste the contents of that log in your reply.
Microsoft MVP - Windows Security

#3 mtnbay

mtnbay
  • Topic Starter

  • Members
  • 13 posts

Posted 08 January 2009 - 10:33 AM

Thanks for your help. Here are the contents of the files.txt file:


+++++++++++++++++++++++++++++++++
+ File Lister Version 1.0.5
+
+ By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++

Report ran on --->>> 1/8/2009 7:30:06 AM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WScript.exe

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

BHO: (NO NAME) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -

BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: (NO NAME) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: (NO NAME) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

BHO: Symantec Intrusion Prevention - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

BHO: (NO NAME) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

BHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

BHO: (NO NAME) - {F92E9705-546D-4BD2-A451-9EE8B6B1B679} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"ccApp"="\"C:\\Program Files\\Common\" Files\\Symantec Shared\\ccApp.exe"
"MSConfig"="\"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe\" /auto"
"SBAMTray"="\"C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBAMTray.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Adobe Photoshop Lightroom 1.4\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
@=""


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

11/28/2008 2:16:51 PM 0 C:\Config.Msi
1/8/2009 7:30:06 AM 4310 2080 C:\Files.txt
1/5/2009 1:39:51 PM 594 2080 C:\updatedatfix.log
12/31/2008 3:01:28 AM 11442667 C:\WINDOWS\$NtUninstallKB936782_WMP11$
12/31/2008 3:01:28 AM 597900 C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst
12/31/2008 3:03:10 AM 913622 C:\WINDOWS\$NtUninstallKB939683$
12/31/2008 3:03:10 AM 597718 C:\WINDOWS\$NtUninstallKB939683$\spuninst
12/31/2008 3:01:47 AM 922695 C:\WINDOWS\$NtUninstallKB954154_WM11$
12/31/2008 3:01:47 AM 626759 C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst
12/31/2008 3:03:36 AM 2473636 C:\WINDOWS\$NtUninstallKB954211$
12/31/2008 3:03:36 AM 628388 C:\WINDOWS\$NtUninstallKB954211$\spuninst
12/31/2008 3:02:14 AM 12833803 C:\WINDOWS\$NtUninstallKB956390$
12/31/2008 3:02:14 AM 638987 C:\WINDOWS\$NtUninstallKB956390$\spuninst
12/31/2008 3:04:01 AM 1552407 C:\WINDOWS\$NtUninstallKB956391$
12/31/2008 3:04:01 AM 626711 C:\WINDOWS\$NtUninstallKB956391$\spuninst
12/31/2008 3:04:07 AM 766888 C:\WINDOWS\$NtUninstallKB956803$
12/31/2008 3:04:07 AM 628520 C:\WINDOWS\$NtUninstallKB956803$\spuninst
12/31/2008 3:03:18 AM 13173510 C:\WINDOWS\$NtUninstallKB956841$
12/31/2008 3:03:18 AM 631942 C:\WINDOWS\$NtUninstallKB956841$\spuninst
12/31/2008 3:03:55 AM 961358 C:\WINDOWS\$NtUninstallKB957095$
12/31/2008 3:03:55 AM 628430 C:\WINDOWS\$NtUninstallKB957095$\spuninst
11/28/2008 2:17:10 PM 65877 C:\WINDOWS\braveheart
12/21/2008 4:13:28 PM 179707 32 C:\WINDOWS\hpwins14.dat
11/28/2008 1:40:46 PM 179084 0 C:\WINDOWS\hpwins14.dat.temp
12/21/2008 4:13:28 PM 1108 32 C:\WINDOWS\hpwmdl14.dat
11/28/2008 1:40:46 PM 1108 0 C:\WINDOWS\hpwmdl14.dat.temp
11/28/2008 2:17:11 PM 12858 32 C:\WINDOWS\hpwscr14.dat
12/31/2008 3:03:35 AM 13887 32 C:\WINDOWS\KB954211.log
12/31/2008 3:04:00 AM 12401 32 C:\WINDOWS\KB956391.log
12/31/2008 3:04:06 AM 13979 32 C:\WINDOWS\KB956803.log
12/31/2008 3:03:15 AM 15198 32 C:\WINDOWS\KB956841.log
12/31/2008 3:03:53 AM 13980 32 C:\WINDOWS\KB957095.log
11/28/2008 2:15:58 PM 3317 32 C:\WINDOWS\MSI30-KB884016.log
1/7/2009 8:37:00 PM 116182 32 C:\WINDOWS\setupapi.log
11/25/2008 8:16:29 PM 0 32 C:\WINDOWS\setuperr.log
12/30/2008 12:18:56 PM 77 32 C:\WINDOWS\wininit.ini
1/7/2009 8:54:49 PM 4958588 32 C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.BAK
1/7/2009 8:49:56 PM 4958588 32 C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.CDF
12/21/2008 4:14:10 PM 309760 32 C:\WINDOWS\system32\difxapi.dll
12/21/2008 4:14:10 PM 294912 32 C:\WINDOWS\system32\hpovst11.dll
12/21/2008 4:14:10 PM 364544 32 C:\WINDOWS\system32\hppldcoi.dll
12/21/2008 4:14:09 PM 970752 32 C:\WINDOWS\system32\hpwtiop3.dll
12/21/2008 4:14:10 PM 729088 32 C:\WINDOWS\system32\hpwwiax3.dll
11/28/2008 2:21:12 PM 118272 32 C:\WINDOWS\system32\hpz3l5jy.dll
12/21/2008 4:14:17 PM 271704 32 C:\WINDOWS\system32\hpzids01.dll
12/21/2008 2:24:55 PM 18240 32 C:\WINDOWS\system32\RECV.log
12/21/2008 2:24:55 PM 6639 32 C:\WINDOWS\system32\SENT.log
12/21/2008 2:24:31 PM 105719 32 C:\WINDOWS\system32\TEST.log
1/7/2009 8:49:18 PM 566296 32 C:\WINDOWS\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTSBLFX.SYS

====== Files under "\Administrator\Startup" Last 60 Days======


====== Files under "\All Users\Startup" Last 60 Days======


====== Folders under "\Program Files" Last 60 Days======

12/4/2008 6:49:31 PM 27194 C:\Program Files\Daniusoft
12/4/2008 6:49:31 PM 27194 C:\Program Files\Daniusoft\Video to Creative Zen Converter
12/4/2008 6:49:31 PM 27194 C:\Program Files\Daniusoft\Video to Creative Zen Converter\Log
12/30/2008 11:30:51 AM 949072 C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
12/21/2008 9:20:27 PM 5879653 C:\Program Files\FLV Player
12/21/2008 9:20:37 PM 10726660 C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
12/17/2008 12:48:00 PM 21116562 C:\Program Files\fotoQuote
12/17/2008 12:48:00 PM 21116562 C:\Program Files\fotoQuote\My Product Name
12/17/2008 12:48:00 PM 21116562 C:\Program Files\fotoQuote\My Product Name\FotoQuote Pro
12/17/2008 12:48:04 PM 1682090 C:\Program Files\fotoQuote\My Product Name\FotoQuote Pro\System
11/28/2008 2:16:57 PM 228392770 C:\Program Files\HP
11/28/2008 2:43:23 PM 1997680 C:\Program Files\HP\Common
11/28/2008 2:16:57 PM 215550801 C:\Program Files\HP\Digital Imaging
11/28/2008 2:18:03 PM 65402860 C:\Program Files\HP\Digital Imaging\bin
11/28/2008 2:39:56 PM 348160 C:\Program Files\HP\Digital Imaging\bin\crm
12/21/2008 4:15:33 PM 3114 C:\Program Files\HP\Digital Imaging\bin\hpqprefloc
12/21/2008 4:15:32 PM 223696 C:\Program Files\HP\Digital Imaging\bin\hpqscimg
12/21/2008 4:15:33 PM 29986 C:\Program Files\HP\Digital Imaging\bin\hpqscloc
11/28/2008 2:52:01 PM 215679 C:\Program Files\HP\Digital Imaging\Crm
11/28/2008 2:27:41 PM 2501559 C:\Program Files\HP\Digital Imaging\data
11/28/2008 2:27:47 PM 1385406 C:\Program Files\HP\Digital Imaging\data\bmp
11/28/2008 2:27:54 PM 7729 C:\Program Files\HP\Digital Imaging\data\CUEStatus
11/28/2008 2:27:41 PM 456373 C:\Program Files\HP\Digital Imaging\data\DefaultScanSettings
12/21/2008 4:14:43 PM 3267 C:\Program Files\HP\Digital Imaging\data\DeviceDiscovery
11/28/2008 2:51:25 PM 104185 C:\Program Files\HP\Digital Imaging\data\phototemplates
11/28/2008 2:34:46 PM 6518 C:\Program Files\HP\Digital Imaging\data\printsubsystemplugins
11/28/2008 2:51:42 PM 11552 C:\Program Files\HP\Digital Imaging\data\PrintUIData
11/28/2008 2:51:42 PM 269605 C:\Program Files\HP\Digital Imaging\data\projects
11/28/2008 2:51:42 PM 16866 C:\Program Files\HP\Digital Imaging\data\projects\configuration
11/28/2008 2:52:00 PM 252739 C:\Program Files\HP\Digital Imaging\data\projects\ContentPackages
12/21/2008 4:15:11 PM 7510 C:\Program Files\HP\Digital Imaging\data\Toolbox
11/28/2008 2:42:58 PM 3365439 C:\Program Files\HP\Digital Imaging\devicemanagement
11/28/2008 2:53:14 PM 176128 C:\Program Files\HP\Digital Imaging\DigitalImaging
11/28/2008 2:53:13 PM 76120243 C:\Program Files\HP\Digital Imaging\DocProc
11/28/2008 2:53:14 PM 7856396 C:\Program Files\HP\Digital Imaging\DocProc\Binary
12/21/2008 4:15:44 PM 3351932 C:\Program Files\HP\Digital Imaging\esupport
12/21/2008 4:15:54 PM 3351427 C:\Program Files\HP\Digital Imaging\extcapuninstall
11/28/2008 2:51:27 PM 2366699 C:\Program Files\HP\Digital Imaging\graphics
11/28/2008 2:51:44 PM 219923 C:\Program Files\HP\Digital Imaging\graphics\en
11/28/2008 2:51:27 PM 115188 C:\Program Files\HP\Digital Imaging\graphics\Fonts
11/28/2008 2:51:42 PM 183128 C:\Program Files\HP\Digital Imaging\graphics\Photobook
11/28/2008 2:28:19 PM 12647547 C:\Program Files\HP\Digital Imaging\Help
11/28/2008 2:33:38 PM 6856935 C:\Program Files\HP\Digital Imaging\Help\flash
11/28/2008 2:33:39 PM 1438683 C:\Program Files\HP\Digital Imaging\Help\player
12/21/2008 4:14:52 PM 451462 C:\Program Files\HP\Digital Imaging\Help\player\fscommand
12/21/2008 4:15:33 PM 16827 C:\Program Files\HP\Digital Imaging\Help\pstour
11/28/2008 2:33:39 PM 31366 C:\Program Files\HP\Digital Imaging\Help\xmlmenu
12/21/2008 4:15:11 PM 159722 C:\Program Files\HP\Digital Imaging\HP Officejet J6400 Series
12/21/2008 4:15:11 PM 147304 C:\Program Files\HP\Digital Imaging\HP Officejet J6400 Series\data
12/21/2008 4:15:11 PM 12418 C:\Program Files\HP\Digital Imaging\HP Officejet J6400 Series\help
11/28/2008 2:51:39 PM 6764 C:\Program Files\HP\Digital Imaging\HPPSE
11/28/2008 2:52:00 PM 3276 C:\Program Files\HP\Digital Imaging\HPPSE\Data
11/28/2008 2:51:39 PM 3488 C:\Program Files\HP\Digital Imaging\HPPSE\Plugins
12/21/2008 4:16:02 PM 3350678 C:\Program Files\HP\Digital Imaging\hpssupply
12/21/2008 4:15:59 PM 118155 C:\Program Files\HP\Digital Imaging\img
11/28/2008 2:54:12 PM 3352216 C:\Program Files\HP\Digital Imaging\ocr
11/28/2008 2:52:26 PM 3353666 C:\Program Files\HP\Digital Imaging\photosmartessential
11/28/2008 2:51:23 PM 54425 C:\Program Files\HP\Digital Imaging\plugins
12/21/2008 4:15:20 PM 2541384 C:\Program Files\HP\Digital Imaging\Product Assistant
12/21/2008 4:15:20 PM 2541384 C:\Program Files\HP\Digital Imaging\Product Assistant\bin
12/21/2008 4:15:59 PM 32382 C:\Program Files\HP\Digital Imaging\res
12/21/2008 4:15:32 PM 927249 C:\Program Files\HP\Digital Imaging\Search
12/21/2008 4:15:32 PM 1697 C:\Program Files\HP\Digital Imaging\Search\Images
12/21/2008 4:15:32 PM 139120 C:\Program Files\HP\Digital Imaging\Search\Resources
11/28/2008 2:34:03 PM 770600 C:\Program Files\HP\Digital Imaging\skins
11/28/2008 2:34:03 PM 770600 C:\Program Files\HP\Digital Imaging\skins\oov1
11/28/2008 2:39:58 PM 42480 C:\Program Files\HP\Digital Imaging\skins\oov1\st
11/28/2008 2:34:03 PM 728120 C:\Program Files\HP\Digital Imaging\skins\oov1\tj
11/28/2008 2:50:46 PM 8943116 C:\Program Files\HP\Digital Imaging\Smart Web Printing
11/28/2008 2:50:47 PM 726967 C:\Program Files\HP\Digital Imaging\Smart Web Printing\Help
11/28/2008 2:50:47 PM 10377 C:\Program Files\HP\Digital Imaging\Smart Web Printing\Help\graphics
12/21/2008 4:14:00 PM 21575880 C:\Program Files\HP\Digital Imaging\{15262012-213A-4f65-9019-C8A409EC0156}
12/21/2008 4:14:52 PM 42238 C:\Program Files\HP\Digital Imaging\{15262012-213A-4f65-9019-C8A409EC0156}\help
12/21/2008 4:14:07 PM 5027826 C:\Program Files\HP\Digital Imaging\{15262012-213A-4f65-9019-C8A409EC0156}\images
12/21/2008 4:14:30 PM 2256283 C:\Program Files\HP\Digital Imaging\{15262012-213A-4f65-9019-C8A409EC0156}\Product
12/21/2008 4:14:00 PM 10349602 C:\Program Files\HP\Digital Imaging\{15262012-213A-4f65-9019-C8A409EC0156}\setup
11/28/2008 2:43:24 PM 1989361 C:\Program Files\HP\HP Software Update
11/28/2008 2:16:57 PM 8854928 C:\Program Files\HP\Temp
12/21/2008 4:14:00 PM 8854928 C:\Program Files\HP\Temp\{15262012-213A-4f65-9019-C8A409EC0156}
12/21/2008 4:14:00 PM 8168078 C:\Program Files\HP\Temp\{15262012-213A-4f65-9019-C8A409EC0156}\setup
1/2/2009 2:29:37 AM 4075070 C:\Program Files\Malwarebytes' Anti-Malware
1/2/2009 2:29:38 AM 349316 C:\Program Files\Malwarebytes' Anti-Malware\Languages
12/30/2008 11:30:51 AM 962896 C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
12/9/2008 10:06:24 AM 110592 C:\Program Files\NCH Software
12/9/2008 10:06:24 AM 110592 C:\Program Files\NCH Software\Components
12/9/2008 10:06:24 AM 110592 C:\Program Files\NCH Software\Components\mp3el
12/9/2008 10:03:52 AM 1479570 C:\Program Files\NCH Swift Sound
12/9/2008 10:04:05 AM 110592 C:\Program Files\NCH Swift Sound\Components
12/9/2008 10:04:05 AM 110592 C:\Program Files\NCH Swift Sound\Components\mp3el
12/9/2008 10:03:52 AM 1368978 C:\Program Files\NCH Swift Sound\Switch
12/9/2008 10:03:57 AM 50058 C:\Program Files\NCH Swift Sound\Switch\Help
1/5/2009 11:44:40 PM 6401217 C:\Program Files\PowerDataRecovery
1/5/2009 11:44:41 PM 9940 C:\Program Files\PowerDataRecovery\Help
1/5/2009 11:44:41 PM 9940 C:\Program Files\PowerDataRecovery\Help\English
1/5/2009 11:45:03 PM 1035819 C:\Program Files\PowerDataRecovery\ResumeRecovery
12/30/2008 11:30:50 AM 3125920 C:\Program Files\SDHelper (Spybot - Search & Destroy)
1/6/2009 2:25:07 AM 21216710 C:\Program Files\SmartFTP Client
1/6/2009 2:24:48 AM 9028972 C:\Program Files\SmartFTP Client 3.0 Setup Files
1/6/2009 4:29:28 PM 93359750 C:\Program Files\Sunbelt Software
1/6/2009 4:29:28 PM 93359750 C:\Program Files\Sunbelt Software\CounterSpy
1/6/2009 4:29:29 PM 78050300 C:\Program Files\Sunbelt Software\CounterSpy\Definitions
1/6/2009 4:29:46 PM 248879 C:\Program Files\Sunbelt Software\CounterSpy\Drivers
1/6/2009 4:29:46 PM 62000 C:\Program Files\Sunbelt Software\CounterSpy\Drivers\amd64
1/6/2009 4:29:47 PM 159888 C:\Program Files\Sunbelt Software\CounterSpy\Drivers\i386
12/30/2008 11:30:50 AM 3666592 C:\Program Files\TeaTimer (Spybot - Search & Destroy)
12/4/2008 7:39:45 PM 25331867 C:\Program Files\Vuze
12/4/2008 7:40:35 PM 3441063 C:\Program Files\Vuze\.install4j
12/4/2008 7:40:23 PM 672 C:\Program Files\Vuze\custom
12/4/2008 7:40:24 PM 6527918 C:\Program Files\Vuze\plugins
12/4/2008 7:40:24 PM 6028705 C:\Program Files\Vuze\plugins\azemp
12/4/2008 7:40:28 PM 305689 C:\Program Files\Vuze\plugins\azplugins
12/4/2008 7:40:29 PM 37781 C:\Program Files\Vuze\plugins\azrating
12/4/2008 7:40:30 PM 25659 C:\Program Files\Vuze\plugins\azupdater
12/4/2008 7:40:30 PM 130084 C:\Program Files\Vuze\plugins\azupnpav

====== Files under "\System32\Drivers" Last 60 Days======

12/21/2008 4:14:20 PM 49920 32 C:\WINDOWS\system32\drivers\HPZid412.sys
12/21/2008 4:14:20 PM 16496 32 C:\WINDOWS\system32\drivers\HPZipr12.sys
1/2/2009 2:29:41 AM 15504 32 C:\WINDOWS\system32\drivers\mbam.sys
1/2/2009 2:29:38 AM 38496 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys

====== Files Deleted under "%Temp%" ======

C:\DOCUME~1\dj\LOCALS~1\Temp\cdr4.inf
C:\DOCUME~1\dj\LOCALS~1\Temp\cdr4x64.cat
C:\DOCUME~1\dj\LOCALS~1\Temp\cdr4x86.cat
C:\DOCUME~1\dj\LOCALS~1\Temp\cdr4_2k.sys
C:\DOCUME~1\dj\LOCALS~1\Temp\cdr4_xp.64
C:\DOCUME~1\dj\LOCALS~1\Temp\cdr4_xp.sys
C:\DOCUME~1\dj\LOCALS~1\Temp\cdral.inf
C:\DOCUME~1\dj\LOCALS~1\Temp\cdralw2k.64
C:\DOCUME~1\dj\LOCALS~1\Temp\cdralw2k.sys
C:\DOCUME~1\dj\LOCALS~1\Temp\cdralx64.cat
C:\DOCUME~1\dj\LOCALS~1\Temp\cdralx86.cat
C:\DOCUME~1\dj\LOCALS~1\Temp\CTZapLog.txt
C:\DOCUME~1\dj\LOCALS~1\Temp\e4ae.rra
C:\DOCUME~1\dj\LOCALS~1\Temp\IUJ41696Swap.tmp
C:\DOCUME~1\dj\LOCALS~1\Temp\IUJ41703Swap.tmp
C:\DOCUME~1\dj\LOCALS~1\Temp\IUJ41708Swap.tmp
C:\DOCUME~1\dj\LOCALS~1\Temp\IUJ41713Swap.tmp
C:\DOCUME~1\dj\LOCALS~1\Temp\IUJ41718Swap.tmp
C:\DOCUME~1\dj\LOCALS~1\Temp\IUJ41728Swap.tmp
C:\DOCUME~1\dj\LOCALS~1\Temp\IUJ41733Swap.tmp
C:\DOCUME~1\dj\LOCALS~1\Temp\IUJ41738Swap.tmp
C:\DOCUME~1\dj\LOCALS~1\Temp\IUJ41743Swap.tmp
C:\DOCUME~1\dj\LOCALS~1\Temp\IUJ41749Swap.tmp
C:\DOCUME~1\dj\LOCALS~1\Temp\java_install_reg.log
C:\DOCUME~1\dj\LOCALS~1\Temp\pconfig.dcf
C:\DOCUME~1\dj\LOCALS~1\Temp\primosdk.DLL
C:\DOCUME~1\dj\LOCALS~1\Temp\px.dll
C:\DOCUME~1\dj\LOCALS~1\Temp\pxafs.dll
C:\DOCUME~1\dj\LOCALS~1\Temp\PxCpyA64.exe
C:\DOCUME~1\dj\LOCALS~1\Temp\PxCpyI64.exe
C:\DOCUME~1\dj\LOCALS~1\Temp\pxdrv.dll
C:\DOCUME~1\dj\LOCALS~1\Temp\pxhelp.inf
C:\DOCUME~1\dj\LOCALS~1\Temp\pxhelp20.inf
C:\DOCUME~1\dj\LOCALS~1\Temp\pxhelp20.sys
C:\DOCUME~1\dj\LOCALS~1\Temp\PxHelp64.sys
C:\DOCUME~1\dj\LOCALS~1\Temp\pxhelper.inf
C:\DOCUME~1\dj\LOCALS~1\Temp\pxhelper.sys
C:\DOCUME~1\dj\LOCALS~1\Temp\pxhelper.vxd
C:\DOCUME~1\dj\LOCALS~1\Temp\pxhlpa64.cat
C:\DOCUME~1\dj\LOCALS~1\Temp\PxHlpa64.sys
C:\DOCUME~1\dj\LOCALS~1\Temp\pxhlpx86.cat
C:\DOCUME~1\dj\LOCALS~1\Temp\pxhpinst.exe
C:\DOCUME~1\dj\LOCALS~1\Temp\PxInsA64.exe
C:\DOCUME~1\dj\LOCALS~1\Temp\PxInsI64.exe
C:\DOCUME~1\dj\LOCALS~1\Temp\pxmas.dll
C:\DOCUME~1\dj\LOCALS~1\Temp\pxsetup.exe
C:\DOCUME~1\dj\LOCALS~1\Temp\pxsfs.dll
C:\DOCUME~1\dj\LOCALS~1\Temp\pxwave.dll
C:\DOCUME~1\dj\LOCALS~1\Temp\set9C.tmp
C:\DOCUME~1\dj\LOCALS~1\Temp\SET9F.tmp
C:\DOCUME~1\dj\LOCALS~1\Temp\TWAIN.LOG
C:\DOCUME~1\dj\LOCALS~1\Temp\Twain001.Mtx
C:\DOCUME~1\dj\LOCALS~1\Temp\VerChk.txt
C:\DOCUME~1\dj\LOCALS~1\Temp\vxblock.dll

54 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======


====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

====== Services ( Services that are Whitelisted are not shown) ======

Apple Mobile Device (Apple Mobile Device) "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" - Auto
Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) "C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe" - Auto
Symantec Lic NetConnect service (CLTNetCnService) "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon - Auto
COM Host (comHost) "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe" - Manual
FLEXnet Licensing Service (FLEXnet Licensing Service) "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" - Manual
hpqcxs08 (hpqcxs08) C:\WINDOWS\system32\svchost.exe -k hpdevmgmt - Manual
HP CUE DeviceDiscovery Service (hpqddsvc) C:\WINDOWS\system32\svchost.exe -k hpdevmgmt - Auto
LiveUpdate Notice (LiveUpdate Notice) "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon - Auto
Net Driver HPZ12 (Net Driver HPZ12) C:\WINDOWS\System32\svchost.exe -k HPZ12 - Auto
NMIndexingService (NMIndexingService) "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe" - Manual
Pml Driver HPH11 (Pml Driver HPH11) C:\WINDOWS\system32\HPHipm11.exe - Manual
Cyberlink RichVideo Service(CRVS) (RichVideo) "C:\Program Files\CyberLink\Shared files\RichVideo.exe" - Auto
Sunbelt VIPRE Antivirus Service (SBAMSvc) "C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe" - Auto
ScsiAccess (ScsiAccess) C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe - Auto

====== Uninstall List From Registry ======

AC3Filter (remove only)
Adobe Acrobat 8.1.2 Professional
Adobe Flash Player ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player
Adobe ExtendScript Toolkit 2
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Color Common Settings
ATI - Software Uninstall Utility
ATI Display Driver
AudibleManager
Creative Audio Console
Capture NX
Linksys EasyLink Advisor 1.5 (1010)
EPSON Scan
Flickr Uploadr 3.0.2
Free FLV Player V0.05
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1120
HijackThis 2.0.2
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Customer Participation Program 10.0
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
OCR Software by I.R.I.S. 10.0
EPSON Attach To Email
EasyRecovery Professional
Intel® 537EP V9x DF PCI Modem
Jewel Quest (remove only)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Windows Media Format SDK Hotfix - KB891122
Windows XP Hotfix - KB891781
Windows Genuine Advantage Validation Tool (KB892130)
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Update for Windows XP (KB908531)
Microsoft Base Smart Card Cryptographic Service Provider Package
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Update for Windows XP (KB946627)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
LiveUpdate 3.1 (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
MagicDisc 2.5.74
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.5)
Microsoft Compression Client Pack 1.0 for Windows XP
Nero BurnRights
Pantheon (remove only)
Photodex Presenter
Photomatix Pro version 3.0.3RC2
Pokémon Masters Arena
Pop-Up Stopper Free Edition
Power Data Recovery 4.1.1
Intel® PRO Network Connections Drivers
ProShow Gold
LiveUpdate (Symantec Corporation)
RealPlayer
Rhapsody
Shop for HP Supplies
EPSON Perf 3490 3590 Guide
SmartFTP Client 3.0 Setup Files (remove only)
Snapshot Viewer
Snood 4
Snood Towers for Windows version 1.02
Spybot - Search & Destroy 1.4
Switch Sound File Converter
Norton 360 (Symantec Corporation)
Creative System Information
Typer Shark Deluxe 1.02
Virtual Moon Altas Image Libraries
Virtual Moon Atlas
Vuze
Windows Genuine Advantage Validation Tool (KB892130)
Winamp
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 2
WinRAR archiver
WinZip
Windows Media Format 11 runtime
Windows Media Player 11
Word Slinger
Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Toolbar
Yahoo! Toolbar
ZENcast Organizer
Zenerchi (remove only)
Adobe Photoshop CS3
Adobe XMP DVA Panels CS3
Adobe Soundbooth CS3 Codecs
Macromedia Dreamweaver 8
Adobe Bridge Start Meeting
BPD_Scan
MSXML 6.0 Parser (KB933579)
Norton 360 HTMLHelp
ATI Control Panel
Security Update for CAPICOM (KB931906)
Toolbox
BPDSoftware_Ini
HP Officejet J6400 Series
Microsoft Works 6-9 Converter
ProductContext
Adobe WinSoft Linguistics Plugin
GPBaseService
Status
L7700
AutoUpdate
Adobe After Effects CS3 Presets
Creative ZEN
Adobe Version Cue CS3 Server {ko_KR}
Google Earth
GearDrvs
EPSON Attach To Email
Norton 360
HPPhotoSmartExpress
Adobe ExtendScript Toolkit 2
Backup
Zenerchi
EasyRecovery Professional
ProductContext
Adobe Stock Photos CS3
EPSON Scan Assistant
Norton 360
Rhapsody Player Engine
Adobe Flash Video Encoder
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 5
PSSWCORE
WebFldrs XP
PanoStandAlone
HPProductAssistant
BPDSoftware_Ini
VCRedistSetup
Macromedia Flash MX
6400_Help
Adobe Photoshop Lightroom 2.1
Adobe Setup
Symantec Technical Support Controls
Adobe Premiere Pro CS3 Third Party Content
EPSON Event Manager
BPDSoftware
Macromedia Fireworks 8
Macromedia FreeHand 10
Adobe Premiere Pro CS3 Functional Content
SmartWebPrintingOC
Adobe Color EU Extra Settings
DeviceDiscovery
Adobe Linguistics CS3
Adobe Encore CS3
Macromedia Extension Manager
Norton Confidential Core
neroxml
Adobe Premiere Pro CS3
TrayApp
bpd_scan
J6400
Nero 8
PixiePack Codec Pack
Adobe Setup
eSupportQFolder
DocProc
EPSON Copy Utility 3
BufferChm
Toolbox
Apple Software Update
Adobe Fonts All
Adobe Flash CS3
Adobe MotionPicture Color Files
AHV content for Acrobat and Flash
CounterSpy
Adobe Color Common Settings
BPD_HPSU
SmartFTP Client
CustomerResearchQFolder
Adobe Asset Services CS3
MSXML 4.0 SP2 Parser and SDK
Microsoft Visual C++ 2005 Redistributable
SPBBC 32bit
Adobe Help Viewer CS3
DivX Codec
Adobe Dreamweaver CS3
Snood Deluxe
Adobe Fireworks CS3
Scan
Adobe Video Profiles
BPDSoftware
Adobe Creative Suite 3 Master Collection
Picture Control Utility
Microsoft Virtual PC 2007
UnloadSupport
DivX Player
Macromedia Dreamweaver MX
7500_7600_7700_Help
Unload
SymNet
Adobe Device Central CS3
QuickTime
Adobe Type Support
Adobe Anchor Service CS3
Microsoft Publisher 2002
Microsoft Office Standard Edition 2003
Macromedia Fireworks MX
Adobe Color NA Recommended Settings
Apple Mobile Device Support
Adobe Bridge CS3
Adobe CMaps
Adobe Color - Photoshop Specific
SolutionCenter
Adobe Soundbooth CS3
Fax
PDF Settings
Adobe Acrobat 8 Professional
Adobe Reader 7.0
DivX Converter
ccCommon
Adobe Camera Raw 4.0
Adobe Setup
Spybot - Search & Destroy
Spy Sweeper
Microsoft .NET Framework 2.0 Service Pack 1
Adobe SING CS3
DivX Web Player
Adobe BridgeTalk Plugin CS3
Adobe Encore CS3 Codecs
HPSSupply
Adobe Default Language CS3
HP Photosmart Essential 2.5
Adobe Extension Manager CS3
MSXML 4.0 SP2 (KB936181)
Symantec Technical Support Web Controls
Adobe WAS CS3
Microsoft .NET Framework 1.1
Adobe InDesign CS3
WebReg
DivX Content Uploader
Adobe Version Cue CS3 Client
Adobe PDF Library Files
MarketResearch
Nikon Message Center
Lightroom
MPM
Adobe XMP Panels CS3
Microsoft XML Parser
Symantec Real Time Storage Protection Component
Dell ResourceCD
Destination Component
LiveUpdate Notice (Symantec Corporation)
Adobe Color JA Extra Settings
iTunes
Ad-Aware
VideoToolkit01
Adobe Update Manager CS3
LiveUpdate (Symantec Corporation)
EPSON File Manager
Adobe InDesign CS3 Icon Handler
Adobe After Effects CS3
AppCore
ViewNX
Adobe Illustrator CS3
InstantShareDevicesMFC
32 Bit HP CIO Components Installer
fotoQuote Pro 5
Adobe Contribute CS3
HP Update

======== Other Info ========

TOTAL PHYSICAL RAM: 1072 MB

#4 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:17 AM

Posted 08 January 2009 - 11:09 AM

mtnbay

1. Please download HostsXpert 4.0 - Hosts File Manager
  • And Save it to your Desktop
  • Rt Click Hoster.zip->>Extract all->>Extract it to your Desktop (or your C:\ drive)
  • Open The Hoster folder->>Double Click HostsXpert.exe
  • When the program Opens Click The "Restore MS Hosts File" button in the left pane.
  • Then select "Restore Original Hosts" when prompted.
  • Close the Hoster program when complete
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
2. Please perform an Ewido Online Malware Scan
  • When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner please click Yes to allow the download.
  • Click on Start Scan.
  • After the scan completes it will produce a log for you. Copy and paste the results of that scan as a reply to this thread.
  • If any infections are found, (After you save the logfile), Click on Remove Infections.

Microsoft MVP - Windows Security

#5 mtnbay


Posted 08 January 2009 - 03:03 PM

After I ran the scan another browser hijack occurred (just an FYI). Here is my ewido.txt log:

_________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\dj\Cookies\dj@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Msn
Path: C:\Documents and Settings\dj\Cookies\dj@auto.search.msn[2].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\dj\Cookies\dj@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Aavalue
Path: C:\Documents and Settings\dj\Cookies\dj@freemusicconnection.aavalue[1].txt
Risk: Medium

Name: TrackingCookie.Info
Path: C:\Documents and Settings\dj\Cookies\dj@info[1].txt
Risk: Medium

Name: TrackingCookie.Webtrends
Path: C:\Documents and Settings\dj\Cookies\dj@m.webtrends[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\dj\Cookies\dj@microsoftwindows.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Real
Path: C:\Documents and Settings\dj\Cookies\dj@real[2].txt
Risk: Medium

Name: TrackingCookie.Msn
Path: C:\Documents and Settings\Madeline\Cookies\madeline@auto.search.msn[1].txt
Risk: Medium

Name: TrackingCookie.Msn
Path: C:\Documents and Settings\Madeline\Cookies\madeline@search.msn[2].txt
Risk: Medium

Name: Not-A-Virus.Adware.EShoper
Path: C:\Program Files\FLV Player\flv2video_converter-trial.exe
Risk: Low

Name: Not-A-Virus.Adware.AdWeb
Path: C:\Program Files\Photodex Presenter\pxplay.ocx
Risk: Low

Thanks again!

#6 bamajim


Posted 09 January 2009 - 09:30 AM

mtnbay

1. Rerun Hijackthis (scan only) and place checks beside the following entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: (no name) - {F92E9705-546D-4BD2-A451-9EE8B6B1B679} - (no file)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} -
O20 - Winlogon Notify: jkkll - C:\WINDOWS\system32\jkkll.dll (file missing)

Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

And in your reply give me an update on how your PC is running now

#7 mtnbay


Posted 09 January 2009 - 11:07 AM

Thanks again for all your help. Even after rebooting, on the initial startup of Firefox and Internet Explorer my browsers are still being redirected to 3rd party sites when I do a search through Google or Yahoo. Here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:02 AM, on 1/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {F92E9705-546D-4BD2-A451-9EE8B6B1B679} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common" Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-746137067-920026266-839522115-1006\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" (User 'Madeline')
O4 - HKUS\S-1-5-21-746137067-920026266-839522115-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Madeline')
O4 - HKUS\S-1-5-21-746137067-920026266-839522115-1006\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Madeline')
O4 - HKUS\S-1-5-21-746137067-920026266-839522115-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Madeline')
O4 - HKUS\S-1-5-21-746137067-920026266-839522115-1006\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User 'Madeline')
O4 - HKUS\S-1-5-21-746137067-920026266-839522115-1006\..\Run: [DDC] C:\WINDOWS\system32\qvasgaed.exe (User 'Madeline')
O4 - HKUS\S-1-5-21-746137067-920026266-839522115-1006\..\Run: [c451b494] "rundll32.exe" "C:\WINDOWS\system32\wsiorwhh.dll",b (User 'Madeline')
O4 - HKUS\S-1-5-21-746137067-920026266-839522115-1006\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User 'Madeline')
O4 - HKUS\S-1-5-21-746137067-920026266-839522115-500\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-746137067-920026266-839522115-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'Administrator')
O4 - HKUS\S-1-5-21-746137067-920026266-839522115-501\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User 'Guest')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12370 bytes

#8 bamajim


Posted 09 January 2009 - 02:25 PM

mtnbay

Looks like we have some new entries in your log. Let's do this

Please download Combofix and save to your desktop.
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


#9 mtnbay


Posted 09 January 2009 - 10:55 PM

I keep getting a warning saying that my post is too long when I try to paste my combofix log so I have attached it in a text file. Thanks again.


#10 bamajim


Posted 12 January 2009 - 09:49 AM

mtnbay

Rerun Hijackthis and post a fresh Hijackthis log.

And in your reply give me an update on how your PC is running at this point

#11 mtnbay


Posted 12 January 2009 - 07:44 PM

bamajim,

I am not quite sure what happened, but after running ComboFix the browser hijacks have stopped, as well as the annoying pop ups. Thank you so much for your help. If they return is it okay to post a future reply to this thread? Take care.

#12 bamajim

Posted 12 January 2009 - 07:58 PM

mtnbay

That's good news. I was hoping that you would post the results of the Combofix log so I could make sure there's nothing left that needs to go. But the choice is yours
Microsoft MVP - Windows Security

#13 mtnbay

Posted 13 January 2009 - 02:28 AM

Here is my most recent Combofix log:

ComboFix 09-01-09.02 - dj 2009-01-12 23:01:15.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.446 [GMT -8:00]
Running from: c:\documents and settings\dj\Desktop\ComboFix2.exe
.

((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-10 03:01 . 2009-01-10 03:01 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-09 21:32 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-09 18:14 . 2009-01-09 07:01 <DIR> d----c--- C:\ComboFix
2009-01-09 13:13 . 2009-01-09 13:16 <DIR> d-------- c:\documents and settings\dj\Application Data\Move Networks
2009-01-09 07:14 . 2009-01-12 23:02 6,736 --a------ c:\windows\system32\drivers\PROCEXP90.SYS
2009-01-08 18:30 . 2009-01-10 03:28 32,448 --a------ c:\windows\system32\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx
2009-01-08 18:30 . 2009-01-10 03:28 32,448 --a------ c:\windows\system32\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx
2009-01-08 18:30 . 2009-01-10 03:28 11,564 --a------ c:\windows\system32\DVCState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx
2009-01-07 20:54 . 2009-01-07 20:54 4,958,588 --------- c:\windows\{00000003-00000000-00000003-00001102-00000004-20061102}.BAK
2009-01-07 20:49 . 2009-01-09 07:41 4,958,588 --a------ c:\windows\{00000003-00000000-00000003-00001102-00000004-20061102}.CDF
2009-01-07 20:49 . 2008-06-27 19:21 566,296 --a------ c:\windows\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTSBLFX.SYS
2009-01-06 16:31 . 2009-01-06 16:31 <DIR> d-------- c:\documents and settings\dj\Application Data\Sunbelt
2009-01-06 16:30 . 2009-01-06 16:30 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Sunbelt
2009-01-06 16:29 . 2009-01-06 16:29 <DIR> d-------- c:\program files\Sunbelt Software
2009-01-06 02:25 . 2009-01-06 02:25 <DIR> d-------- c:\program files\SmartFTP Client
2009-01-06 02:25 . 2009-01-06 02:25 <DIR> d-------- c:\documents and settings\dj\Application Data\SmartFTP
2009-01-06 02:24 . 2009-01-06 02:24 <DIR> d-------- c:\program files\SmartFTP Client 3.0 Setup Files
2009-01-05 23:44 . 2009-01-05 23:45 <DIR> d-------- c:\program files\PowerDataRecovery
2009-01-04 23:52 . 2009-01-04 23:52 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-02 02:29 . 2009-01-02 02:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 02:29 . 2009-01-02 02:29 <DIR> d-------- c:\documents and settings\dj\Application Data\Malwarebytes
2009-01-02 02:29 . 2009-01-02 02:29 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-01-02 02:29 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 02:29 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-01 18:46 . 2009-01-04 23:52 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2008-12-30 21:20 . 2008-12-30 21:42 <DIR> d-------- c:\documents and settings\Guest\Application Data\HPAppData
2008-12-30 21:18 . 2008-12-30 21:18 <DIR> d-------- c:\documents and settings\Guest\Application Data\EPSON
2008-12-30 12:18 . 2008-12-30 12:18 77 --a------ c:\windows\wininit.ini
2008-12-30 11:30 . 2008-12-30 11:30 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-30 11:30 . 2008-12-30 11:30 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-30 11:30 . 2008-12-30 11:30 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-30 11:30 . 2008-12-30 11:30 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-21 21:20 . 2008-12-21 21:20 <DIR> d-------- c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-12-21 21:20 . 2009-01-08 11:57 <DIR> d-------- c:\program files\FLV Player
2008-12-21 16:15 . 2008-12-21 16:15 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\HP Product Assistant
2008-12-21 16:14 . 2007-10-30 20:19 970,752 --a------ c:\windows\system32\hpwtiop3.dll
2008-12-21 16:14 . 2007-10-30 20:19 729,088 --a------ c:\windows\system32\hpwwiax3.dll
2008-12-21 16:14 . 2007-01-17 00:37 364,544 --a------ c:\windows\system32\hppldcoi.dll
2008-12-21 16:14 . 2007-01-17 00:37 309,760 --a------ c:\windows\system32\difxapi.dll
2008-12-21 16:14 . 2007-01-17 00:31 294,912 --a------ c:\windows\system32\hpovst11.dll
2008-12-21 16:14 . 2007-11-06 10:10 271,704 --a------ c:\windows\system32\hpzids01.dll
2008-12-21 16:14 . 2007-01-17 00:37 49,920 --a------ c:\windows\system32\drivers\HPZid412.sys
2008-12-21 16:14 . 2007-01-17 00:37 16,496 --a------ c:\windows\system32\drivers\HPZipr12.sys
2008-12-21 16:13 . 2008-12-21 16:47 179,707 --a------ c:\windows\hpwins14.dat
2008-12-21 16:13 . 2008-06-09 03:02 1,108 --a------ c:\windows\hpwmdl14.dat
2008-12-17 12:50 . 2008-12-17 12:50 <DIR> d-------- c:\documents and settings\dj\Application Data\FileMaker
2008-12-17 12:48 . 2008-12-17 12:48 <DIR> d-------- c:\program files\fotoQuote

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 07:13 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-13 00:51 --------- d-----w c:\documents and settings\dj\Application Data\Azureus
2009-01-13 00:41 --------- d-----w c:\documents and settings\dj\Application Data\HPAppData
2009-01-08 19:57 --------- d-----w c:\program files\Photodex Presenter
2009-01-08 04:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 04:50 --------- d-----w c:\program files\Creative
2009-01-08 04:49 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2009-01-08 04:49 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2009-01-08 04:40 --------- d-----w c:\program files\PhotomatixPro3
2009-01-08 04:40 --------- d-----w c:\program files\Linksys EasyLink Advisor
2009-01-08 04:40 --------- d-----w c:\program files\Audible
2009-01-07 21:50 806 -c--a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-07 21:50 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-01-07 21:50 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-07 21:50 10,635 -c--a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-07 21:50 --------- d-----w c:\program files\Symantec
2009-01-06 08:23 --------- d-----w c:\program files\Ontrack
2009-01-05 07:52 --------- d-----w c:\program files\Lavasoft
2009-01-02 19:37 --------- d-----w c:\program files\QuickTime
2008-12-31 05:18 29,184 ----a-w c:\windows\system32\drivers\goprot51.sys
2008-12-30 20:26 --------- d-----w c:\program files\Bonjour
2008-12-30 20:21 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-12-30 19:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-22 06:11 --------- d-----w c:\program files\Vuze
2008-12-22 00:15 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\HP
2008-12-19 15:19 --------- d-----w c:\program files\Microsoft Works
2008-12-15 00:54 20 -c-h--w c:\documents and settings\All Users.WINDOWS\Application Data\PKP_DLdw.DAT
2008-12-11 15:49 --------- d-----w c:\documents and settings\Guest\Application Data\Nero
2008-12-09 18:06 --------- d-----w c:\program files\NCH Software
2008-12-09 18:04 --------- d-----w c:\program files\NCH Swift Sound
2008-12-09 18:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2008-12-09 18:03 --------- d-----w c:\documents and settings\dj\Application Data\NCH Swift Sound
2008-12-07 05:52 --------- d-----w c:\documents and settings\dj\Application Data\Creative
2008-12-05 02:49 --------- d-----w c:\program files\Daniusoft
2008-11-28 23:41 --------- d-----w c:\program files\CyberLink
2008-11-28 23:39 --------- d-----w c:\program files\Yahoo! Games
2008-11-28 23:35 --------- d-----w c:\program files\Azureus
2008-11-28 22:43 --------- d-----w c:\program files\HP
2008-11-28 22:43 --------- d-----w c:\program files\Hewlett-Packard
2008-11-28 22:21 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Hewlett-Packard
2008-11-28 22:02 --------- d-----w c:\program files\Common Files\HP
2008-11-27 17:49 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2008-10-29 00:28 65,320 ----a-w c:\windows\system32\sbbd.exe
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 10:20 667,648 ----a-w c:\windows\system32\wininet.dll
2008-04-28 06:02 0 -c--a-w c:\documents and settings\All Users.WINDOWS\Application Data\PKP_DLbz.DAT
2007-08-26 23:01 561 -c--a-w c:\program files\Uninstall Rhapsody.lnk
2007-08-26 23:01 535 -c--a-w c:\program files\Update Windows Components.lnk
2007-08-26 23:01 535 -c--a-w c:\program files\Delete Helix Licenses.lnk
2007-08-26 23:01 525 -c--a-w c:\program files\Update Helix Components.lnk
2007-08-26 22:18 17,883 -c--a-w c:\program files\install.001
2007-08-07 02:01 188,682 -c--a-w c:\program files\WiseUpd2.exe
2007-08-07 02:01 1,522,683 -c--a-w c:\program files\rhapsody.rsk
2007-08-06 23:51 671,744 -c--a-w c:\program files\xviews.dll
2007-08-05 20:43 201,480 -c--a-w c:\program files\language.xml
2007-06-21 23:40 86,016 -c--a-w c:\program files\wpdhelper.dll
2007-06-02 09:20 733,184 -c--a-w c:\program files\dtdr3260.dll
2007-06-02 09:19 39,424 -c--a-w c:\program files\mmcdda32.dll
2007-06-02 09:19 102,400 -c--a-w c:\program files\gdihelpr.dll
2007-06-02 09:18 372,736 -c--a-w c:\program files\dbclient.exe
2007-06-02 09:16 192,512 -c--a-w c:\program files\RhapDrmClean.exe
2007-06-02 09:13 13,824 -c--a-w c:\program files\pnrs3260.dll
2007-06-02 09:00 53,248 -c--a-w c:\program files\rnlog.dll
2007-03-27 18:28 245,760 -c--a-w c:\program files\Uninstall Ask Toolbar.dll
2007-02-21 20:58 4,636 -c--a-w c:\program files\print.htm
2007-01-31 00:32 266,240 -c--a-w c:\program files\RhapSupport.exe
2006-09-12 21:50 1,901 -c--a-w c:\program files\BackupDRMFolder.bat
2005-10-21 00:03 568 -c--a-w c:\program files\fpsectbl
2005-04-22 02:20 5,344 -c--a-w c:\program files\Unwise32.ini
2005-04-22 02:20 162,304 -c--a-w c:\program files\Unwise32.exe
2005-01-06 01:45 719,360 -c--a-w c:\program files\dbghelp.dll
2004-12-17 21:20 499,712 -c--a-w c:\program files\msvcp71.dll
2004-12-17 21:20 348,160 -c--a-w c:\program files\msvcr71.dll
2004-05-04 01:08 331,776 -c--a-w c:\program files\CDDBRealControl.dll
2002-07-27 00:02 153,088 ----a-w c:\program files\UNWISE.EXE
2002-03-15 22:55 352,256 -c--a-w c:\program files\xmencmp3.dll
2001-06-22 23:31 278,528 -c--a-w c:\program files\pncrt.dll
2008-06-30 20:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( snapshot_2009-01-09_ 7.18.36.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-01-10 11:01:48 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2009-01-01 11:02:53 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-10 11:20:56 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-01-01 11:02:53 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-10 11:20:56 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-01-01 11:02:53 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-10 11:20:56 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-01-01 11:02:53 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-01-10 11:20:56 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-01 11:02:53 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-01-10 11:20:56 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-01-01 11:02:53 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-10 11:20:57 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-01-01 11:02:53 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-01-10 11:20:56 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-01-01 11:02:53 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-01-10 11:20:57 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-01 11:02:53 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-01-10 11:20:56 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-01-01 11:02:53 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-10 11:20:56 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-09 18:05:00 22,486 ----a-r c:\windows\Installer\{CBC11EBE-CF8A-43B3-83DD-8D3A1FEB4E1A}\ARPPRODUCTICON.exe
+ 2009-01-09 18:05:00 61,440 ----a-r c:\windows\Installer\{CBC11EBE-CF8A-43B3-83DD-8D3A1FEB4E1A}\NewShortcut2_339C927BB4B547F9804FDF51F01D2D57.exe
+ 2009-01-09 18:05:00 61,440 ----a-r c:\windows\Installer\{CBC11EBE-CF8A-43B3-83DD-8D3A1FEB4E1A}\NewShortcut21_339C927BB4B547F9804FDF51F01D2D57.exe
- 2008-08-20 05:33:19 1,024,000 ----a-w c:\windows\system32\browseui.dll
+ 2008-10-16 10:20:52 1,024,000 ----a-w c:\windows\system32\browseui.dll
- 2008-08-20 05:33:17 151,040 ----a-w c:\windows\system32\cdfview.dll
+ 2008-10-16 10:20:42 151,040 ----a-w c:\windows\system32\cdfview.dll
- 2008-08-20 05:33:18 1,054,208 ----a-w c:\windows\system32\danim.dll
+ 2008-10-16 10:20:45 1,054,208 ----a-w c:\windows\system32\danim.dll
- 2008-08-20 05:33:19 1,024,000 -c----w c:\windows\system32\dllcache\browseui.dll
+ 2008-10-16 10:20:52 1,024,000 -c----w c:\windows\system32\dllcache\browseui.dll
- 2008-08-20 05:33:17 151,040 -c----w c:\windows\system32\dllcache\cdfview.dll
+ 2008-10-16 10:20:42 151,040 -c----w c:\windows\system32\dllcache\cdfview.dll
- 2008-07-19 05:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 22:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-08-20 05:33:18 1,054,208 -c--a-w c:\windows\system32\dllcache\danim.dll
+ 2008-10-16 10:20:45 1,054,208 -c--a-w c:\windows\system32\dllcache\danim.dll
- 2008-08-20 05:33:18 357,888 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 10:20:45 357,888 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-20 05:33:18 205,312 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 10:20:45 205,312 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-20 05:33:18 55,808 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 10:20:46 55,808 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2008-02-20 06:51:05 282,624 -c----w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:01:36 283,648 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-19 09:38:57 18,432 -c----w c:\windows\system32\dllcache\iedw.exe
+ 2008-10-15 14:18:21 18,432 -c----w c:\windows\system32\dllcache\iedw.exe
- 2008-08-20 05:33:18 251,904 -c----w c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-16 10:20:46 251,904 -c----w c:\windows\system32\dllcache\iepeers.dll
- 2008-08-20 05:33:18 96,256 -c----w c:\windows\system32\dllcache\inseng.dll
+ 2008-10-16 10:20:46 96,256 -c----w c:\windows\system32\dllcache\inseng.dll
- 2008-08-20 05:33:19 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 10:20:50 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 04:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 09:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2008-08-20 05:33:20 3,067,392 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:27:54 3,067,392 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-20 05:33:19 449,024 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 10:20:50 449,024 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-20 05:33:18 146,432 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 10:20:46 146,432 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-08-20 05:33:18 532,480 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 10:20:46 532,480 -c----w c:\windows\system32\dllcache\mstime.dll
- 2007-06-26 06:08:16 1,104,896 -c--a-w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll
- 2006-08-17 12:28:27 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll
- 2008-08-20 05:33:18 39,424 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 10:20:46 39,424 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2008-08-20 05:33:19 1,499,136 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 10:20:48 1,499,136 -c----w c:\windows\system32\dllcache\shdocvw.dll
- 2008-08-20 05:33:19 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-10-16 10:20:51 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll
- 2006-08-21 16:52:08 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:15:47 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-20 05:33:19 619,008 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 10:20:53 619,008 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-20 05:33:19 667,648 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 10:20:49 667,648 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 05:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 13:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 05:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 13:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-07-19 05:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 22:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 05:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 22:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 05:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 22:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 05:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 22:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 05:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 22:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 05:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 22:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2007-11-06 18:00:58 87,848 ----a-w c:\windows\system32\drivers\SBREDrv.sys
+ 2008-10-23 12:09:24 92,464 ----a-w c:\windows\system32\drivers\SBREDrv.sys
- 2008-08-20 05:33:18 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 10:20:45 357,888 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-20 05:33:18 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 10:20:45 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-20 05:33:18 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 10:20:46 55,808 ----a-w c:\windows\system32\extmgr.dll
- 2008-08-20 05:33:18 251,904 ----a-w c:\windows\system32\iepeers.dll
+ 2008-10-16 10:20:46 251,904 ----a-w c:\windows\system32\iepeers.dll
- 2008-08-20 05:33:18 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2008-10-16 10:20:46 96,256 ----a-w c:\windows\system32\inseng.dll
- 2008-08-20 05:33:19 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 10:20:50 16,384 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 04:03:58 100,864 -c--a-w c:\windows\system32\logagent.exe
+ 2008-06-18 09:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-10-07 20:19:42 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-20 05:33:20 3,067,392 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:27:54 3,067,392 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-20 05:33:19 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 10:20:50 449,024 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-20 05:33:18 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 10:20:46 146,432 ----a-w c:\windows\system32\msrating.dll
- 2008-08-20 05:33:18 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 10:20:46 532,480 ----a-w c:\windows\system32\mstime.dll
- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 22:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-10-01 00:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2007-05-15 23:43:10 1,320,800 ----a-w c:\windows\system32\msxml6.dll
+ 2008-08-30 04:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll
- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2008-08-20 05:33:18 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 10:20:46 39,424 ----a-w c:\windows\system32\pngfilt.dll
- 2008-08-20 05:33:19 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 10:20:48 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
- 2008-08-20 05:33:19 474,112 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-10-16 10:20:51 474,112 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-10-16 22:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 22:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-07-27 17:41:40 16,760 ------w c:\windows\system32\spmsg.dll
- 2006-08-21 16:52:08 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-14 11:09:18 62,976 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-20 05:33:19 619,008 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 10:20:53 619,008 ----a-w c:\windows\system32\urlmon.dll
- 2006-10-19 05:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 13:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 05:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 13:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
- 2008-08-19 09:20:32 351,744 ----a-w c:\windows\system32\xpsp3res.dll
+ 2008-10-15 14:00:41 351,744 ----a-w c:\windows\system32\xpsp3res.dll
+ 2009-01-10 11:29:48 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_104.dat
+ 2008-10-01 00:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-10-01 00:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2008-10-28 681256]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hp instant support.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp instant support.lnk
backup=c:\windows\pss\hp instant support.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^dj^Start Menu^Programs^Startup^Azureus Ultra Accelerator.lnk]
path=c:\documents and settings\dj\Start Menu\Programs\Startup\Azureus Ultra Accelerator.lnk
backup=c:\windows\pss\Azureus Ultra Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^dj^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\dj\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^dj^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\dj\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 18:54 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2008-04-01 12:21 61440 c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2009-01-04 21:22 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 15:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2006-02-09 21:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 11:08 397312 c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-07-17 11:03 868352 c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2006-04-02 20:07 389120 c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
-----c--- 2005-04-08 14:09 102400 c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 18:10 1688872 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2004-06-16 06:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ahs---- 2004-10-13 08:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 13:21 2213160 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 13:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
--------- 2005-03-17 10:10 536576 c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-08-18 18:41 1832272 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-06-21 19:38 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-03-09 00:01 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 19:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2008-06-27 17:24 19456 c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a--c--- 2006-08-11 13:56 18944 c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;c:\windows\system32\drivers\SSFS0BB8.sys [2007-07-01 20280]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-25 99376]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-23 92464]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
R4 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-10-28 886056]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - SBAMSVC

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{961ba138-9a33-11dc-9e1f-00123fa652d6}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e78348b7-e4b6-11dc-9e5f-00123fa652d6}]
\Shell\AutoRun\command - M:\LinksysConnectPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f421acf7-f92a-11dc-9e66-00123fa652d6}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-12 c:\windows\Tasks\wrSpySweeper_L94129405544B41ED822BA7A8AB3BE024.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-06-21 17:57]

2009-01-12 c:\windows\Tasks\wrSpySweeper_L94129405544B41ED822BA7A8AB3BE024.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-06-21 17:57]

2009-01-12 c:\windows\Tasks\wrSpySweeper_L94129405544B41ED822BA7A8AB3BE024.job
- c:\","d:\","e:\","f:\","g:\","h:\","i:\","j:\","k:\","l:\" []
.
- - - - ORPHANS REMOVED - - - -

BHO-{F92E9705-546D-4BD2-A451-9EE8B6B1B679} - (no file)
Notify-jkkll - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.update.microsoft.com
Trusted Zone: .update.microsoft.com
Trusted Zone: download.windowsupdate.com

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\ewidoOnlineScan.dll - O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
hxxp://downloads.ewido.net/ewidoOnlineScan.cab

O16 -: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
FF - ProfilePath - c:\documents and settings\dj\Application Data\Mozilla\Firefox\Profiles\7626c3kx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\documents and settings\dj\Application Data\Mozilla\Firefox\Profiles\7626c3kx.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\dj\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 23:13:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-920026266-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1180)
c:\windows\system32\WRLogonNTF.dll
.
Completion time: 2009-01-12 23:20:52
ComboFix-quarantined-files.txt 2009-01-13 07:20:32
ComboFix2.txt 2009-01-09 15:21:05
ComboFix3.txt 2007-12-04 01:21:30

Pre-Run: 1,669,582,848 bytes free
Post-Run: 1,746,632,704 bytes free

545 --- E O F --- 2009-01-10 11:21:43

#14 bamajim


Posted 13 January 2009 - 08:28 PM

mtnbay

Thanks for posting the log for me to look at

Let's Remove Combofix

Select Start ->> Run ->> type in combofix /u (there is a space between x and /) Then O.K.


You may now remove/delete/uninstall the other tools we used to clean your PC

Now that your log is clean

There are some final notes:
Let's create a clean System Restore point
the instructions are here
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6.u11.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u11-windowsi586-p.exe to install the newest version.
Update your Anti Virus Software

Use and maintain a Firewall
Visit Microsoft's Windows Update Site Frequently for critical updates

Back up your Important Documents and Files on a regular basis. To a disc or a USB key, not your hard drive
You may want to read this article "So how did I get infected in the first place" by Tony Klein

surf safe
Microsoft MVP - Windows Security



