Infected With Trojans, Spyware/adware, Pop Ups


  • This topic is locked
18 replies to this topic

#1 squeeks01

Posted 21 July 2006 - 10:01 AM

Hi,

I'm not experienced at all with the works of hijackers, worms, viruses etc.
I can comprehend if given clear instructions.

I just recently got my computer reformatted and wasn't given any software because they had deleted it and I no longer had the software (anti-virus, adware, etc.)
My bf got me some programs and I've installed them (Adaware, NOD32 antivirus system, SpyBot search&destroy) and when I do scans particularly with Spybot, I receive multiple results of tracking cookies.

But none of these programs have stopped me from having a NUMEROUS amount of pop ups. I have many including adult sites, poker/bingo as well as a lot which tell me that my system is critical, and that it is infected ...and these links lead me to antivirus/spyware downloads.

I currently use FIREFOX. The response of my computer has decreased a lot, and is running very slowly even though I have Cable internet.

Here is my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 10:54:38 AM, on 21/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: userinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


thank you for your time



#2 Buckeye_Sam

    Malware Expert

Posted 22 July 2006 - 09:09 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.
  • Launch ewido anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido scan report along with a new hijackthis log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 squeeks01


Posted 22 July 2006 - 10:34 AM

Okay I did that

here is my new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 11:30:06 AM, on 22/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: userinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



and Ewido report:

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:24:05 AM 22/07/2006

+ Scan result:



:mozilla.26:C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.7:C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Rachel\Cookies\rachel@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.31:C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.32:C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.33:C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.36:C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
C:\WINDOWS\system32\jxwgbvqi.exe -> Trojan.Agent.ny : No action taken.
C:\WINDOWS\system32\nfmouqyb.exe -> Trojan.Agent.ny : No action taken.


::Report end

#4 Buckeye_Sam


Posted 22 July 2006 - 09:21 PM

You must disable Spybot's TeaTimer function before proceeding with this fix. Otherwise it will interfere with HijackThis.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
==============


Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O20 - AppInit_DLLs: userinit.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)



==============


Delete this file, if present.

C:\WINDOWS\System32\userinit.dll


Delete this folder, if present.

C:\Program Files\ipwins


==============


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Also post a new hijackthis log.

#5 squeeks01


Posted 24 July 2006 - 08:52 AM

I did the first part but when trying to do the Kaspersky Online Scanner nothing happens.
Nothing is responding and I'm not prompted to install an ActiveX component.
Is there another webscanner for this step that I may use?

#6 Buckeye_Sam


Posted 24 July 2006 - 04:18 PM

Are you using Internet Explorer? It won't work with Firefox.

Here is another one that you can try.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.


#7 squeeks01


Posted 25 July 2006 - 07:26 PM

My ACTIVE SCAN Report


Incident | Status | Location
Adware:adware/securityerror | Not disinfected | c:\windows\system32\ot.ico
Spyware:spyware/surfsidekick | Not disinfected | C:\Documents and Settings\Rachel\Local Settings\Temporary Internet Files\Ssk.log
Hacktool:rootkit/zaqt.a | Not disinfected | hkey_local_machine\system\currentcontrolset\services\DP1112
Spyware:Cookie/Searchportal | Not disinfected | C:\Documents and Settings\Administrator\Cookies\administrator@searchportal.information[1].txt
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Casalemedia | Not disinfected | C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion | Not disinfected | C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/WebtrendsLive | Not disinfected | C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/AdDynamix | Not disinfected | C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/BurstNet | Not disinfected | C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/AdDynamix | Not disinfected | C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Mammamediasolutions | Not disinfected | C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/BurstBeacon | Not disinfected | C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Atwola | Not disinfected | C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Ccbill | Not disinfected | C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\xr8pvxzl.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Reliablestats | Not disinfected | C:\Documents and Settings\Rachel\Cookies\rachel@stats1.reliablestats[1].txt
Spyware:Cookie/myaffiliateprogram | Not disinfected | C:\Documents and Settings\Rachel\Cookies\rachel@www.myaffiliateprogram[1].txt



My HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:24:22 PM, on 25/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: userinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Now the pop ups haven't been as much but for some reason I'm getting a bunch of Adult sites as well as Online Dating pop ups and I obviously don't go on any sites in that area and don't visit many sites anyway ..especially ones that are sketchy.

Edited by squeeks01, 25 July 2006 - 07:27 PM.


#8 Buckeye_Sam


Posted 25 July 2006 - 07:49 PM

Disable Teatimer before proceeding to the next step.

We also need to disable Adwatch.

To disable Ad-Watch:

1. Right click on the Ad-Watch icon in the system tray and select "Restore Ad-Watch".
2. At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
   Active: Switches Monitoring On or Off without closing
   Automatic: Switches Automatic Blocking On or Off
3. Uncheck (red X) both items.




Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O20 - AppInit_DLLs: userinit.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)



============


Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#9 squeeks01


Posted 25 July 2006 - 08:24 PM

is this better now??

Logfile of HijackThis v1.99.1
Scan saved at 9:22:24 PM, on 25/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#10 Buckeye_Sam

Malware Expert

Posted 25 July 2006 - 08:27 PM

Yes, your log looks pretty good. But post a log from Combofix, especially if you are still getting popups.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 squeeks01

Topic Starter

Posted 25 July 2006 - 08:28 PM

What is Combofix??

#12 Buckeye_Sam

Malware Expert

Posted 25 July 2006 - 08:32 PM

You must have missed that part in my last post. :thumbsup:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#13 squeeks01

Topic Starter

Posted 25 July 2006 - 08:44 PM

I did miss that :thumbsup: hah thanks


here it is:

Start Time= 25/07/2006 21:37:30.08
Running from: C:\Program Files\Mozilla Firefox

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-24 23:17:14 ( .D... ) "C:\Program Files\Common Files\Stardock"
2006-07-24 23:17:08 ( .D... ) "C:\Program Files\Stardock"
2006-07-24 17:38:14 65556 ( A.... ) "C:\WINDOWS\system32\dwyfsjlt.exe"
2006-07-21 11:05:52 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-21 10:52:28 ( .D... ) "C:\Program Files\HijackThis"
2006-07-20 01:14:24 ( .D... ) "C:\Program Files\Windows Live Safety Center"
2006-07-19 10:40:38 ( .D... ) "C:\Program Files\Zone Labs"
2006-07-12 11:55:22 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-12 05:51:20 569396 ( ..SH. ) "C:\WINDOWS\system32\iiffe.dll"
2006-07-12 00:24:38 270336 ( A.... ) "C:\WINDOWS\system32\imon.dll"
2006-07-12 00:24:30 ( .D... ) "C:\Program Files\ESET"
2006-07-11 23:36:42 ( .D... ) "C:\Documents and Settings\Rachel\Application Data\Lavasoft"
2006-07-11 23:35:10 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-11 23:30:42 ( .D... ) "C:\Program Files\WinRAR"
2006-07-11 22:55:24 ( .D... ) "C:\Program Files\MSXML 4.0"
2006-07-11 15:42:12 ( .D... ) "C:\Documents and Settings\Rachel\Application Data\MSN6"
2006-07-11 15:23:58 2 ( A.... ) "C:\WINDOWS\system32\wnstssv.exe"
2006-07-11 15:23:54 ( .D... ) "C:\Program Files\Common Files\?dobe"
2006-07-11 15:14:34 0 ( A..H. ) "C:\Program Files\Toolbar888"
2006-07-11 15:14:04 ( .D... ) "C:\Program Files\Common Files\{BC864442-0253-1033-0224-001005990002}"
2006-07-11 15:07:44 ( .D... ) "C:\Program Files\Common Files\Adobe Systems Shared"
2006-07-06 18:11:40 ( .D... ) "C:\Documents and Settings\Rachel\Application Data\Macromedia"
2006-07-06 17:55:04 ( .D... ) "C:\Program Files\Common Files\Logitech"
2006-07-06 17:54:26 81920 ( ....R ) "C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe"
2006-07-06 17:54:22 ( .D... ) "C:\Program Files\Logitech"
2006-07-06 16:35:52 ( .D... ) "C:\Program Files\Messenger Plus! Live"
2006-07-06 15:57:56 ( .D... ) "C:\Program Files\MSN Messenger"
2006-07-06 15:33:18 ( .D... ) "C:\Documents and Settings\Rachel\Application Data\Mozilla"
2006-07-06 15:33:16 ( .D... ) "C:\Program Files\Mozilla Firefox"
2006-07-06 15:31:06 ( .D... ) "C:\Documents and Settings\Rachel\Application Data\Help"
2006-07-06 15:21:44 ( .D... ) "C:\Program Files\Common Files\Adobe"
2006-07-06 15:21:44 ( .D... ) "C:\Program Files\Adobe"
2006-07-06 15:21:44 ( .D... ) "C:\Documents and Settings\Rachel\Application Data\InterTrust"
2006-07-06 15:21:44 ( .D... ) "C:\Documents and Settings\Rachel\Application Data\Adobe"
2006-07-06 15:17:12 ( .D... ) "C:\Program Files\D-Link AirPlus G"
2006-07-06 15:13:14 ( .D... ) "C:\Documents and Settings\Rachel\Application Data\Identities"
2006-07-06 15:12:56 ( .DS.. ) "C:\Documents and Settings\Rachel\Application Data\Microsoft"
2006-07-06 11:14:12 ( .D... ) "C:\Program Files\Common Files\Ahead"
2006-07-06 11:14:06 ( .D... ) "C:\Program Files\Ahead"
2006-07-06 10:31:58 ( .D... ) "C:\Program Files\Common Files\L&H"
2006-07-06 10:31:40 ( .D... ) "C:\Program Files\Microsoft.NET"
2006-07-06 10:31:22 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2006-07-06 10:30:26 ( .D... ) "C:\Program Files\Common Files\DESIGNER"
2006-07-06 10:30:20 ( .D... ) "C:\Program Files\Microsoft Works"
2006-07-06 10:30:04 ( .D... ) "C:\Program Files\Microsoft Visual Studio"
2006-07-06 10:29:24 ( .D... ) "C:\Program Files\Microsoft Office"
2006-07-06 10:09:22 ( .D... ) "C:\Program Files\Google"
2006-07-05 23:24:28 ( .D... ) "C:\Program Files\CyberLink"
2006-07-05 23:09:34 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-07-05 23:09:02 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-07-05 23:02:42 502272 ( A.... ) "C:\WINDOWS\system32\winlogon.exe"
2006-07-05 22:44:00 47564 ( A.SHR ) "C:\NTDETECT.COM"
2006-07-05 17:28:56 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-07-05 17:21:12 ( .D... ) "C:\Program Files\xerox"
2006-07-05 17:21:12 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-07-05 17:20:30 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-07-05 17:17:30 ( .D... ) "C:\Program Files\Movie Maker"
2006-07-05 17:16:56 ( .D... ) "C:\Program Files\Windows Media Player"
2006-07-05 17:16:52 ( .D... ) "C:\Program Files\NetMeeting"
2006-07-05 17:16:50 ( .D... ) "C:\Program Files\Common Files\Services"
2006-07-05 17:16:44 ( .D... ) "C:\Program Files\Outlook Express"
2006-07-05 17:16:40 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-07-05 17:16:36 ( .D... ) "C:\Program Files\Common Files\System"
2006-07-05 17:16:34 ( .D... ) "C:\Program Files\Internet Explorer"
2006-07-05 17:15:28 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-07-05 17:15:14 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-07-05 17:15:14 ( .D... ) "C:\Program Files\Online Services"
2006-07-05 17:15:00 ( .D... ) "C:\Program Files\Messenger"
2006-07-05 17:14:52 ( .D... ) "C:\Program Files\MSN"
2006-07-05 17:14:48 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-07-05 17:14:34 ( .D... ) "C:\Program Files\Windows NT"
2006-07-05 12:59:26 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-07-05 12:59:22 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-07-05 12:59:22 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-07-05 12:59:22 ( .D... ) "C:\Program Files\Common Files"
2006-07-05 12:58:52 62 ( A.SH. ) "C:\Documents and Settings\Rachel\Application Data\desktop.ini"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-18 17:54:58 394872 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-06-18 17:54:58 394872 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-06-18 17:54:26 83960 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
2006-06-18 17:54:26 71672 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
2006-06-18 17:54:24 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-06-18 17:54:24 59384 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
2006-06-18 17:54:22 440312 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
2006-06-18 17:54:22 71672 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
2006-06-18 17:54:20 268280 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
2006-06-18 17:54:20 157688 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
2006-06-18 17:54:20 104440 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
2006-06-18 17:54:18 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-06-18 17:54:08 796584 ( A.... ) "C:\WINDOWS\system32\libeay32_0.9.6l.dll"
2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
2006-05-19 08:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-09 22:36:46 6656 ( ..... ) "C:\WINDOWS\system32\WdfMgr.exe"
2006-05-09 22:36:46 6656 ( ..... ) "C:\WINDOWS\system32\uWDF.exe"
2006-05-09 22:26:34 7706112 ( A.... ) "C:\WINDOWS\system32\wmploc.dll"
2006-05-09 22:26:34 1641472 ( ..... ) "C:\WINDOWS\system32\wmpencen.dll"
2006-05-09 22:26:34 1280000 ( ..... ) "C:\WINDOWS\system32\WMSPDMOE.dll"
2006-05-09 22:26:34 1063424 ( A.... ) "C:\WINDOWS\system32\WMADMOE.dll"
2006-05-09 22:26:34 992256 ( A.... ) "C:\WINDOWS\system32\WMNetMgr.dll"
2006-05-09 22:26:34 705024 ( A.... ) "C:\WINDOWS\system32\WMADMOD.dll"
2006-05-09 22:26:34 564736 ( ..... ) "C:\WINDOWS\system32\WMSPDMOD.dll"
2006-05-09 22:26:34 433152 ( ..... ) "C:\WINDOWS\system32\wmpeffects.dll"
2006-05-09 22:26:34 417280 ( ..... ) "C:\WINDOWS\system32\wmdrmdev.dll"
2006-05-09 22:26:34 337408 ( ..... ) "C:\WINDOWS\system32\wmdrmnet.dll"
2006-05-09 22:26:34 306688 ( A.... ) "C:\WINDOWS\system32\MSWMDM.dll"
2006-05-09 22:26:34 301056 ( ..... ) "C:\WINDOWS\system32\wmpdxm.dll"
2006-05-09 22:26:34 267776 ( ..... ) "C:\WINDOWS\system32\Audiodev.dll"
2006-05-09 22:26:34 237056 ( ..... ) "C:\WINDOWS\system32\wmpasf.dll"
2006-05-09 22:26:34 221696 ( A.... ) "C:\WINDOWS\system32\WMASF.dll"
2006-05-09 22:26:34 219648 ( A.... ) "C:\WINDOWS\system32\CEWMDM.dll"
2006-05-09 22:26:34 212480 ( A.... ) "C:\WINDOWS\system32\msnetobj.dll"
2006-05-09 22:26:34 203776 ( ..... ) "C:\WINDOWS\system32\wmpsrcwp.dll"
2006-05-09 22:26:34 201728 ( A.... ) "C:\WINDOWS\system32\qasf.dll"
2006-05-09 22:26:34 165376 ( A.... ) "C:\WINDOWS\system32\MsPMSP.dll"
2006-05-09 22:26:34 155136 ( ..... ) "C:\WINDOWS\system32\wmidx.dll"
2006-05-09 22:26:34 135680 ( ..... ) "C:\WINDOWS\system32\wmpps.dll"
2006-05-09 22:26:34 97792 ( A.... ) "C:\WINDOWS\system32\wmpshell.dll"
2006-05-09 22:26:34 36864 ( A.... ) "C:\WINDOWS\system32\WMDMPS.dll"
2006-05-09 22:26:34 31744 ( A.... ) "C:\WINDOWS\system32\WMDMLOG.dll"
2006-05-09 22:26:34 26112 ( ..... ) "C:\WINDOWS\system32\MsPMSNSv.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmod.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmod.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MPG4DMOD.dll"
2006-05-09 22:26:34 4096 ( ..... ) "C:\WINDOWS\system32\wmvdmoe2.dll"
2006-05-09 22:26:34 4096 ( ..... ) "C:\WINDOWS\system32\WMVADVE.DLL"
2006-05-09 22:26:34 4096 ( ..... ) "C:\WINDOWS\system32\WMVADVD.dll"
2006-05-09 22:26:34 4096 ( ..... ) "C:\WINDOWS\system32\wmsdmoe2.dll"
2006-05-09 22:26:34 4096 ( ..... ) "C:\WINDOWS\system32\wdfApi.dll"
2006-05-09 22:26:34 4096 ( ..... ) "C:\WINDOWS\system32\MP4SDMOD.dll"
2006-05-09 22:26:34 4096 ( ..... ) "C:\WINDOWS\system32\MP43DMOD.dll"
2006-05-09 22:26:32 218112 ( ..... ) "C:\WINDOWS\system32\wmerror.dll"
2006-05-09 22:26:32 9728 ( A.... ) "C:\WINDOWS\system32\LAPRXY.dll"
2006-05-09 22:26:32 7168 ( A.... ) "C:\WINDOWS\system32\asferror.dll"
2006-05-09 22:22:32 2463744 ( A.... ) "C:\WINDOWS\system32\wmvcore.dll"
2006-05-09 21:02:02 84480 ( A.... ) "C:\WINDOWS\system32\logagent.exe"
2006-05-09 21:01:06 1463808 ( ..... ) "C:\WINDOWS\system32\WMVDECOD.dll"
2006-05-09 21:01:06 1359360 ( ..... ) "C:\WINDOWS\system32\WMVSDECD.dll"
2006-05-09 21:00:58 1455616 ( ..... ) "C:\WINDOWS\system32\WMVENCOD.dll"
2006-05-09 21:00:58 770560 ( ..... ) "C:\WINDOWS\system32\WMVSENCD.dll"
2006-05-09 21:00:58 299520 ( ..... ) "C:\WINDOWS\system32\MP4SDECD.dll"
2006-05-09 21:00:58 241152 ( ..... ) "C:\WINDOWS\system32\MPG4DECD.dll"
2006-05-09 21:00:56 636928 ( ..... ) "C:\WINDOWS\system32\WMVXENCD.dll"
2006-05-09 21:00:56 241152 ( ..... ) "C:\WINDOWS\system32\MP43DECD.dll"
2006-05-09 21:00:22 546816 ( ..... ) "C:\WINDOWS\system32\wmpmde.dll"
2006-05-09 21:00:08 382976 ( ..... ) "C:\WINDOWS\system32\MFPLAT.dll"
2006-05-09 21:00:02 1350656 ( A.... ) "C:\WINDOWS\system32\drmv2clt.dll"
2006-05-09 20:59:34 513536 ( ..... ) "C:\WINDOWS\system32\wmdrmsdk.dll"
2006-05-09 20:59:20 417280 ( A.... ) "C:\WINDOWS\system32\MSSCP.dll"
2006-05-09 20:59:18 229376 ( ..... ) "C:\WINDOWS\system32\drmupgds.exe"
2006-05-09 20:59:14 585216 ( A.... ) "C:\WINDOWS\system32\blackbox.dll"
2006-05-09 20:58:54 3745280 ( ..... ) "C:\WINDOWS\system32\WpdShext.dll"
2006-05-09 20:58:54 52224 ( ..... ) "C:\WINDOWS\system32\WPDShServiceObj.dll"
2006-05-09 20:58:54 13824 ( ..... ) "C:\WINDOWS\system32\wpdshextautoplay.exe"
2006-05-09 20:58:50 670208 ( ..... ) "C:\WINDOWS\system32\wpd_ci.dll"
2006-05-09 20:58:50 103424 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWiaCompat.dll"
2006-05-09 20:58:48 345600 ( ..... ) "C:\WINDOWS\system32\PortableDeviceApi.dll"
2006-05-09 20:58:48 188928 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWMDRM.dll"
2006-05-09 20:58:48 101376 ( ..... ) "C:\WINDOWS\system32\PortableDeviceClassExtension.dll"
2006-05-09 20:58:46 343552 ( ..... ) "C:\WINDOWS\system32\WPDSp.dll"
2006-05-09 20:58:40 144896 ( ..... ) "C:\WINDOWS\system32\wpdmtp.dll"
2006-05-09 20:58:40 55808 ( ..... ) "C:\WINDOWS\system32\wpdmtpus.dll"
2006-05-09 20:58:40 35840 ( ..... ) "C:\WINDOWS\system32\wpdconns.dll"
2006-05-09 20:58:38 168960 ( ..... ) "C:\WINDOWS\system32\PortableDeviceTypes.dll"
2006-05-09 20:58:38 13312 ( ..... ) "C:\WINDOWS\system32\wpdtrace.dll"
2006-05-09 20:57:06 11264 ( ..... ) "C:\WINDOWS\system32\ehETW.dll"
2006-05-09 20:45:20 304640 ( ..... ) "C:\WINDOWS\system32\MSDelta.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-25 19:58 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-24 17:37 65,556 C:\WINDOWS\system32\dwyfsjlt.exe
2006-07-22 11:25 402,124,800 C:\hiberfil.sys
2006-07-19 10:41 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-07-19 10:41 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-07-19 10:41 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-07-19 10:41 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-07-19 10:40 59,384 C:\WINDOWS\system32\vswmi.dll
2006-07-19 10:40 394,872 C:\WINDOWS\system32\vsdatant.sys
2006-07-19 10:40 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-07-19 10:40 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-07-19 10:40 100,344 C:\WINDOWS\system32\vsxml.dll
2006-07-19 10:39 83,960 C:\WINDOWS\system32\vsdata.dll
2006-07-19 10:39 440,312 C:\WINDOWS\system32\vsutil.dll
2006-07-19 10:39 157,688 C:\WINDOWS\system32\vsinit.dll
2006-07-12 05:51 569,396 C:\WINDOWS\system32\iiffe.dll
2006-07-12 00:25 270,336 C:\WINDOWS\system32\imon.dll
2006-07-11 15:14 2 C:\WINDOWS\system32\wnstssv.exe
2006-07-06 17:59 53,760 C:\WINDOWS\system32\vfwwdm32.dll
2006-07-06 17:55 53,248 C:\WINDOWS\system32\InstMed.exe
2006-07-06 17:55 372,736 C:\WINDOWS\system32\LVUI2RC.dll
2006-07-06 17:55 208,896 C:\WINDOWS\system32\lvcodec2.dll
2006-07-06 17:55 204,800 C:\WINDOWS\system32\LVUI2.dll
2006-07-06 17:55 110,592 C:\WINDOWS\system32\lvcoinst.dll
2006-07-06 17:54 81,920 C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
2006-07-06 15:21 306,688 C:\WINDOWS\IsUninst.exe
2006-07-06 11:14 569,344 C:\WINDOWS\system32\imagr5.dll
2006-07-06 11:14 544,768 C:\WINDOWS\system32\imagx5.dll
2006-07-06 11:14 38,912 C:\WINDOWS\system32\picn20.dll
2006-07-06 11:14 283,920 C:\WINDOWS\system32\ImagXpr5.dll
2006-07-06 11:14 155,648 C:\WINDOWS\system32\NeroCheck.exe
2006-07-06 11:14 106,496 C:\WINDOWS\system32\TwnLib20.dll
2006-07-06 10:34 17,920 C:\WINDOWS\system32\mdimon.dll
2006-07-05 22:50 937,984 C:\WINDOWS\system32\winbrand.dll
2006-07-05 22:50 9,728 C:\WINDOWS\system32\comsdupd.exe
2006-07-05 22:50 88,064 C:\WINDOWS\system32\p2pnetsh.dll
2006-07-05 22:50 870,784 C:\WINDOWS\system32\ati3d1ag.dll
2006-07-05 22:50 86,016 C:\WINDOWS\system32\p2pgasvc.dll
2006-07-05 22:50 86,016 C:\WINDOWS\system32\mdmxsdk.dll
2006-07-05 22:50 81,920 C:\WINDOWS\system32\ieencode.dll
2006-07-05 22:50 81,408 C:\WINDOWS\system32\wscsvc.dll
2006-07-05 22:50 8,192 C:\WINDOWS\system32\smbinst.exe
2006-07-05 22:50 8,192 C:\WINDOWS\system32\bitsprx2.dll
2006-07-05 22:50 75,776 C:\WINDOWS\system32\strmfilt.dll
2006-07-05 22:50 73,832 C:\WINDOWS\system32\slcoinst.dll
2006-07-05 22:50 73,796 C:\WINDOWS\system32\slserv.exe
2006-07-05 22:50 71,680 C:\WINDOWS\system32\blastcln.exe
2006-07-05 22:50 7,680 C:\WINDOWS\system32\kbdsmsno.dll
2006-07-05 22:50 7,680 C:\WINDOWS\system32\kbdsmsfi.dll
2006-07-05 22:50 7,168 C:\WINDOWS\system32\kbdukx.dll
2006-07-05 22:50 7,168 C:\WINDOWS\system32\kbdno1.dll
2006-07-05 22:50 7,168 C:\WINDOWS\system32\kbdfi1.dll
2006-07-05 22:50 7,168 C:\WINDOWS\system32\hccoin.dll
2006-07-05 22:50 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-07-05 22:50 60,416 C:\WINDOWS\system32\fwcfg.dll
2006-07-05 22:50 6,656 C:\WINDOWS\system32\kbdinmal.dll
2006-07-05 22:50 6,656 C:\WINDOWS\system32\kbdinben.dll
2006-07-05 22:50 6,144 C:\WINDOWS\system32\kbdmlt48.dll
2006-07-05 22:50 6,144 C:\WINDOWS\system32\kbdmlt47.dll
2006-07-05 22:50 6,144 C:\WINDOWS\system32\kbdinbe1.dll
2006-07-05 22:50 564,736 C:\WINDOWS\system32\WMSPDMOD.dll
2006-07-05 22:50 537,088 C:\WINDOWS\system32\msftedit.dll
2006-07-05 22:50 526,848 C:\WINDOWS\system32\p2psvc.dll
2006-07-05 22:50 516,768 C:\WINDOWS\system32\ativvaxx.dll
2006-07-05 22:50 50,688 C:\WINDOWS\system32\btpanui.dll
2006-07-05 22:50 50,176 C:\WINDOWS\system32\xmlprovi.dll
2006-07-05 22:50 5,632 C:\WINDOWS\system32\kbdmaori.dll
2006-07-05 22:50 49,152 C:\WINDOWS\system32\powercfg.exe
2006-07-05 22:50 48,640 C:\WINDOWS\system32\pnrpnsp.dll
2006-07-05 22:50 465,176 C:\WINDOWS\system32\wuapi.dll
2006-07-05 22:50 44,032 C:\WINDOWS\system32\twext.dll
2006-07-05 22:50 438,784 C:\WINDOWS\system32\xpob2res.dll
2006-07-05 22:50 41,240 C:\WINDOWS\system32\wups.dll
2006-07-05 22:50 4,274,816 C:\WINDOWS\system32\nv4_disp.dll
2006-07-05 22:50 4,096 C:\WINDOWS\system32\wmvdmoe2.dll
2006-07-05 22:50 4,096 C:\WINDOWS\system32\wmsdmoe2.dll
2006-07-05 22:50 4,096 C:\WINDOWS\system32\MP4SDMOD.dll
2006-07-05 22:50 4,096 C:\WINDOWS\system32\MP43DMOD.dll
2006-07-05 22:50 4,096 C:\WINDOWS\system32\dsprpres.dll
2006-07-05 22:50 397,056 C:\WINDOWS\system32\s3gnb.dll
2006-07-05 22:50 377,984 C:\WINDOWS\system32\ati2dvaa.dll
2006-07-05 22:50 351,232 C:\WINDOWS\system32\winhttp.dll
2006-07-05 22:50 32,866 C:\WINDOWS\system32\slrundll.exe
2006-07-05 22:50 32,866 C:\WINDOWS\slrundll.exe
2006-07-05 22:50 32,768 C:\WINDOWS\system32\ativtmxx.dll
2006-07-05 22:50 32,768 C:\WINDOWS\system32\asr_pfu.exe
2006-07-05 22:50 32,285 C:\WINDOWS\system32\hsfcisp2.dll
2006-07-05 22:50 312,320 C:\WINDOWS\system32\p2pgraph.dll
2006-07-05 22:50 301,056 C:\WINDOWS\system32\wmpdxm.dll
2006-07-05 22:50 30,208 C:\WINDOWS\system32\bthserv.dll
2006-07-05 22:50 29,184 C:\WINDOWS\system32\sdhcinst.dll
2006-07-05 22:50 286,792 C:\WINDOWS\system32\slextspk.dll
2006-07-05 22:50 270,848 C:\WINDOWS\system32\sbe.dll
2006-07-05 22:50 26,112 C:\WINDOWS\system32\MsPMSNSv.dll
2006-07-05 22:50 24,576 C:\WINDOWS\system32\httpapi.dll
2006-07-05 22:50 237,056 C:\WINDOWS\system32\wmpasf.dll
2006-07-05 22:50 23,040 C:\WINDOWS\system32\fltmc.exe
2006-07-05 22:50 229,376 C:\WINDOWS\system32\ati2cqag.dll
2006-07-05 22:50 218,112 C:\WINDOWS\system32\wmerror.dll
2006-07-05 22:50 201,728 C:\WINDOWS\system32\ati2dvag.dll
2006-07-05 22:50 20,992 C:\WINDOWS\system32\bthci.dll
2006-07-05 22:50 20,480 C:\WINDOWS\system32\encapi.dll
2006-07-05 22:50 2,113,536 C:\WINDOWS\system32\dxdiagn.dll
2006-07-05 22:50 194,328 C:\WINDOWS\system32\wuaueng1.dll
2006-07-05 22:50 193,024 C:\WINDOWS\system32\fsquirt.exe
2006-07-05 22:50 188,508 C:\WINDOWS\system32\slgen.dll
2006-07-05 22:50 187,392 C:\WINDOWS\system32\xpsp1res.dll
2006-07-05 22:50 186,368 C:\WINDOWS\system32\encdec.dll
2006-07-05 22:50 173,536 C:\WINDOWS\system32\wuweb.dll
2006-07-05 22:50 172,312 C:\WINDOWS\system32\wuauclt1.exe
2006-07-05 22:50 17,408 C:\WINDOWS\system32\winshfhc.dll
2006-07-05 22:50 16,896 C:\WINDOWS\system32\fltlib.dll
2006-07-05 22:50 159,232 C:\WINDOWS\system32\sbeio.dll
2006-07-05 22:50 155,136 C:\WINDOWS\system32\wmidx.dll
2006-07-05 22:50 15,872 C:\WINDOWS\system32\w3ssl.dll
2006-07-05 22:50 14,336 C:\WINDOWS\system32\auditusr.exe
2006-07-05 22:50 134,656 C:\WINDOWS\system32\mssap.dll
2006-07-05 22:50 13,824 C:\WINDOWS\system32\wscntfy.exe
2006-07-05 22:50 13,824 C:\WINDOWS\system32\cmsetacl.dll
2006-07-05 22:50 129,536 C:\WINDOWS\system32\xmlprov.dll
2006-07-05 22:50 127,256 C:\WINDOWS\system32\wucltui.dll
2006-07-05 22:50 12,800 C:\WINDOWS\system32\spiisupd.exe
2006-07-05 22:50 118,784 C:\WINDOWS\system32\msdadiag.dll
2006-07-05 22:50 116,224 C:\WINDOWS\system32\p2p.dll
2006-07-05 22:50 108,032 C:\WINDOWS\system32\wshbth.dll
2006-07-05 22:50 1,888,992 C:\WINDOWS\system32\ati3duag.dll
2006-07-05 22:50 1,737,856 C:\WINDOWS\system32\mtxparhd.dll
2006-07-05 22:50 1,689,088 C:\WINDOWS\system32\d3d9.dll
2006-07-05 22:50 1,280,000 C:\WINDOWS\system32\WMSPDMOE.dll
2006-07-05 22:44 2,897,920 C:\WINDOWS\system32\xpsp2res.dll
2006-07-05 22:41 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-07-05 17:20 112,128 C:\WINDOWS\system32\mapi32.dll
2006-07-05 17:20 0 C:\MSDOS.SYS
2006-07-05 17:20 0 C:\IO.SYS
2006-07-05 17:20 0 C:\CONFIG.SYS
2006-07-05 17:20 0 C:\AUTOEXEC.BAT
2006-07-05 17:17 45,568 C:\WINDOWS\system32\safrslv.dll
2006-07-05 17:17 43,520 C:\WINDOWS\system32\safrcdlg.dll
2006-07-05 17:17 43,520 C:\WINDOWS\system32\racpldlg.dll
2006-07-05 17:17 382,464 C:\WINDOWS\system32\qmgr.dll
2006-07-05 17:17 29,696 C:\WINDOWS\system32\safrdm.dll
2006-07-05 17:17 18,944 C:\WINDOWS\system32\qmgrprxy.dll
2006-07-05 17:17 11,264 C:\WINDOWS\system32\atrace.dll
2006-07-05 17:16 81,920 C:\WINDOWS\system32\isign32.dll
2006-07-05 17:16 81,920 C:\WINDOWS\system32\ils.dll
2006-07-05 17:16 73,728 C:\WINDOWS\system32\icwdial.dll
2006-07-05 17:16 69,632 C:\WINDOWS\system32\msconf.dll
2006-07-05 17:16 679,424 C:\WINDOWS\system32\inetcomm.dll
2006-07-05 17:16 67,584 C:\WINDOWS\system32\srclient.dll
2006-07-05 17:16 65,536 C:\WINDOWS\system32\icwphbk.dll
2006-07-05 17:16 64,512 C:\WINDOWS\system32\acctres.dll
2006-07-05 17:16 48,128 C:\WINDOWS\system32\inetres.dll
2006-07-05 17:16 34,560 C:\WINDOWS\system32\mnmdd.dll
2006-07-05 17:16 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-07-05 17:16 32,768 C:\WINDOWS\system32\isrdbg32.dll
2006-07-05 17:16 28,672 C:\WINDOWS\system32\nmmkcert.dll
2006-07-05 17:16 274,944 C:\WINDOWS\system32\mstask.dll
2006-07-05 17:16 274,432 C:\WINDOWS\system32\inetcfg.dll
2006-07-05 17:16 252,928 C:\WINDOWS\system32\msoeacct.dll
2006-07-05 17:16 239,104 C:\WINDOWS\system32\srrstr.dll
2006-07-05 17:16 190,976 C:\WINDOWS\system32\schedsvc.dll
2006-07-05 17:16 170,496 C:\WINDOWS\system32\srsvc.dll
2006-07-05 17:16 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-07-05 17:16 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-07-05 17:16 12,288 C:\WINDOWS\system32\mstinit.exe
2006-07-05 17:16 105,984 C:\WINDOWS\system32\msoert2.dll
2006-07-05 17:14 97,792 C:\WINDOWS\system32\comrepl.dll
2006-07-05 17:14 956,416 C:\WINDOWS\system32\msdtctm.dll
2006-07-05 17:14 93,696 C:\WINDOWS\system32\tscfgwmi.dll
2006-07-05 17:14 91,136 C:\WINDOWS\system32\mtxoci.dll
2006-07-05 17:14 9,728 C:\WINDOWS\system32\reset.exe
2006-07-05 17:14 87,176 C:\WINDOWS\system32\rdpwsx.dll
2006-07-05 17:14 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-07-05 17:14 80,384 C:\WINDOWS\system32\charmap.exe
2006-07-05 17:14 73,216 C:\WINDOWS\system32\avwav.dll
2006-07-05 17:14 67,072 C:\WINDOWS\system32\rdshost.exe
2006-07-05 17:14 655,360 C:\WINDOWS\system32\mstscax.dll
2006-07-05 17:14 625,152 C:\WINDOWS\system32\catsrvut.dll
2006-07-05 17:14 62,464 C:\WINDOWS\system32\rdpclip.exe
2006-07-05 17:14 605,696 C:\WINDOWS\system32\getuname.dll
2006-07-05 17:14 60,416 C:\WINDOWS\system32\remotepg.dll
2006-07-05 17:14 60,416 C:\WINDOWS\system32\colbact.dll
2006-07-05 17:14 6,656 C:\WINDOWS\system32\wuauserv.dll
2006-07-05 17:14 6,144 C:\WINDOWS\system32\msdtc.exe
2006-07-05 17:14 58,880 C:\WINDOWS\system32\msdtclog.dll
2006-07-05 17:14 58,880 C:\WINDOWS\system32\licwmi.dll
2006-07-05 17:14 56,832 C:\WINDOWS\system32\sol.exe
2006-07-05 17:14 56,320 C:\WINDOWS\system32\servdeps.dll
2006-07-05 17:14 55,296 C:\WINDOWS\system32\freecell.exe
2006-07-05 17:14 540,160 C:\WINDOWS\system32\comuid.dll
2006-07-05 17:14 54,272 C:\WINDOWS\system32\stclient.dll
2006-07-05 17:14 538,624 C:\WINDOWS\system32\spider.exe
2006-07-05 17:14 5,632 C:\WINDOWS\system32\write.exe
2006-07-05 17:14 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-07-05 17:14 498,688 C:\WINDOWS\system32\clbcatq.dll
2006-07-05 17:14 44,544 C:\WINDOWS\system32\tscupgrd.exe
2006-07-05 17:14 44,544 C:\WINDOWS\system32\hticons.dll
2006-07-05 17:14 426,496 C:\WINDOWS\system32\msdtcprx.dll
2006-07-05 17:14 407,552 C:\WINDOWS\system32\mstsc.exe
2006-07-05 17:14 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-07-05 17:14 4,096 C:\WINDOWS\system32\mtxex.dll
2006-07-05 17:14 38,912 C:\WINDOWS\system32\cfgbkend.dll
2006-07-05 17:14 35,328 C:\WINDOWS\system32\winchat.exe
2006-07-05 17:14 347,136 C:\WINDOWS\system32\hypertrm.dll
2006-07-05 17:14 343,040 C:\WINDOWS\system32\mspaint.exe
2006-07-05 17:14 33,792 C:\WINDOWS\system32\regini.exe
2006-07-05 17:14 295,424 C:\WINDOWS\system32\termsrv.dll
2006-07-05 17:14 25,600 C:\WINDOWS\system32\comaddin.dll
2006-07-05 17:14 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-07-05 17:14 227,840 C:\WINDOWS\system32\avtapi.dll
2006-07-05 17:14 225,792 C:\WINDOWS\system32\catsrv.dll
2006-07-05 17:14 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-07-05 17:14 20,992 C:\WINDOWS\system32\msg.exe
2006-07-05 17:14 20,480 C:\WINDOWS\system32\qprocess.exe
2006-07-05 17:14 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-07-05 17:14 19,968 C:\WINDOWS\system32\rdpsnd.dll
2006-07-05 17:14 183,808 C:\WINDOWS\system32\accwiz.exe
2006-07-05 17:14 17,408 C:\WINDOWS\system32\mmfutil.dll
2006-07-05 17:14 161,280 C:\WINDOWS\system32\msdtcuiu.dll
2006-07-05 17:14 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-07-05 17:14 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-07-05 17:14 16,384 C:\WINDOWS\system32\tskill.exe
2006-07-05 17:14 16,384 C:\WINDOWS\system32\avmeter.dll
2006-07-05 17:14 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-07-05 17:14 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-07-05 17:14 15,360 C:\WINDOWS\system32\logoff.exe
2006-07-05 17:14 147,968 C:\WINDOWS\system32\rdchost.dll
2006-07-05 17:14 147,456 C:\WINDOWS\system32\comsnap.dll
2006-07-05 17:14 140,800 C:\WINDOWS\system32\sessmgr.exe
2006-07-05 17:14 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-07-05 17:14 14,848 C:\WINDOWS\system32\tscon.exe
2006-07-05 17:14 14,848 C:\WINDOWS\system32\shadow.exe
2006-07-05 17:14 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-07-05 17:14 131,584 C:\WINDOWS\system32\sndrec32.exe
2006-07-05 17:14 13,824 C:\WINDOWS\system32\rdsaddin.exe
2006-07-05 17:14 126,976 C:\WINDOWS\system32\mshearts.exe
2006-07-05 17:14 124,184 C:\WINDOWS\system32\wuauclt.exe
2006-07-05 17:14 123,392 C:\WINDOWS\system32\mplay32.exe
2006-07-05 17:14 119,808 C:\WINDOWS\system32\winmine.exe
2006-07-05 17:14 114,688 C:\WINDOWS\system32\calc.exe
2006-07-05 17:14 110,080 C:\WINDOWS\system32\clbcatex.dll
2006-07-05 17:14 11,776 C:\WINDOWS\system32\xolehlp.dll
2006-07-05 17:14 11,264 C:\WINDOWS\system32\icaapi.dll
2006-07-05 17:14 102,912 C:\WINDOWS\system32\clipbrd.exe
2006-07-05 17:14 1,343,768 C:\WINDOWS\system32\wuaueng.dll
2006-07-05 17:14 1,267,200 C:\WINDOWS\system32\comsvcs.dll
2006-07-05 17:14 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-07-05 17:13 185,344 C:\WINDOWS\system32\cmprops.dll
2006-07-05 13:01 74,240 C:\WINDOWS\system32\usbui.dll
2006-07-05 13:01 4,096 C:\WINDOWS\system32\ksuser.dll
2006-07-05 13:01 198,400 C:\WINDOWS\system32\s3sav4.dll
2006-07-05 12:59 85,020 C:\WINDOWS\system32\dgsetup.dll
2006-07-05 12:59 8,704 C:\WINDOWS\system32\batt.dll
2006-07-05 12:59 8,192 C:\WINDOWS\system32\kbdhept.dll
2006-07-05 12:59 74,752 C:\WINDOWS\system32\storprop.dll
2006-07-05 12:59 7,168 C:\WINDOWS\system32\kbdcz.dll
2006-07-05 12:59 69,120 C:\WINDOWS\notepad.exe
2006-07-05 12:59 6,656 C:\WINDOWS\system32\kbdycl.dll
2006-07-05 12:59 6,656 C:\WINDOWS\system32\kbdsl1.dll
2006-07-05 12:59 6,656 C:\WINDOWS\system32\kbdsl.dll
2006-07-05 12:59 6,656 C:\WINDOWS\system32\kbdpl.dll
2006-07-05 12:59 6,656 C:\WINDOWS\system32\kbdhu.dll
2006-07-05 12:59 6,656 C:\WINDOWS\system32\kbdhela3.dll
2006-07-05 12:59 6,656 C:\WINDOWS\system32\kbdcz2.dll
2006-07-05 12:59 6,656 C:\WINDOWS\system32\kbdcz1.dll
2006-07-05 12:59 6,656 C:\WINDOWS\system32\kbdcr.dll
2006-07-05 12:59 6,656 C:\WINDOWS\system32\KBDAL.DLL
2006-07-05 12:59 6,144 C:\WINDOWS\system32\kbdtuq.dll
2006-07-05 12:59 6,144 C:\WINDOWS\system32\kbdtuf.dll
2006-07-05 12:59 6,144 C:\WINDOWS\system32\kbdlv1.dll
2006-07-05 12:59 6,144 C:\WINDOWS\system32\kbdlv.dll
2006-07-05 12:59 6,144 C:\WINDOWS\system32\kbdhela2.dll
2006-07-05 12:59 6,144 C:\WINDOWS\system32\kbdgkl.dll
2006-07-05 12:59 6,144 C:\WINDOWS\system32\kbdest.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdycc.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbduzb.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdur.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdtat.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdru1.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdru.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdro.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdpl1.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdmon.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdlt1.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdlt.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdkyr.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdkaz.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdhu1.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdhe319.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdhe220.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdhe.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdbu.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdblr.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdazel.dll
2006-07-05 12:59 5,632 C:\WINDOWS\system32\kbdaze.dll
2006-07-05 12:59 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-07-05 12:59 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-07-05 12:59 15,360 C:\WINDOWS\TASKMAN.EXE
2006-07-05 12:59 13,312 C:\WINDOWS\system32\irclass.dll
2006-07-05 12:59 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-07-05 12:53 603,979,776 C:\pagefile.sys
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll
2006-06-16 14:34 48,936 C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"="ishost.exe"
"issearch.exe"="issearch.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{BC864442-0253-1033-0224-001005990002}"="\"C:\\Program Files\\Common Files\\{BC864442-0253-1033-0224-001005990002}\\Update.exe\" mc-110-12-0000272"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Contents of the 'Scheduled Tasks' folder

Completion time: 25/07/2006 21:38:49.71
ComboFix ver 06.07.15 - This logfile is located at C:\ComboFix.txt

#14 Buckeye_Sam

Posted 25 July 2006 - 09:05 PM

Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as fix.reg (set Filetype to "All Files") and save it on your Desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"=-
"issearch.exe"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{BC864442-0253-1033-0224-001005990002}"=-

Now locate and double-click fix.reg -> Allow it to merge into the Registry!


===============


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINDOWS\system32\dwyfsjlt.exe
    C:\WINDOWS\system32\iiffe.dll
    C:\WINDOWS\system32\wnstssv.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
==============


Now delete these folders.

C:\Program Files\Common Files\?dobe <-- the ? symbol may represent any character.
C:\Program Files\Toolbar888
C:\Program Files\Common Files\{BC864442-0253-1033-0224-001005990002}




==============


Post a new hijackthis log.
Let me know if you're still getting popups.

Edited by Buckeye_Sam, 25 July 2006 - 09:06 PM.



========================================================
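The three values that the fix.reg in the post above deletes stand out from the other autorun entries in the "Reg Loading Points" output on structural grounds alone. The following is an added example, not part of the original thread and not how ComboFix or the helper works: it parses an excerpt of that output and flags Run-key values using three heuristics chosen for this illustration (value under policies\explorer\run, GUID value name, data without an absolute path).

```python
import re

# Excerpt of the "Reg Loading Points" output posted in this thread.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"="ishost.exe"
"issearch.exe"="issearch.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{BC864442-0253-1033-0224-001005990002}"="\"C:\\Program Files\\Common Files\\{BC864442-0253-1033-0224-001005990002}\\Update.exe\" mc-110-12-0000272"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')

def unescape(s):
    # .reg escaping: a backslash followed by any character yields that character.
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Yield (key, name, data) for every string value in a .reg-style export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, unescape(m.group(1)), unescape(m.group(2))

def review(text):
    """Return (hive, value name, reasons) for Run-key values worth a closer look."""
    findings = []
    for key, name, data in parse_reg(text):
        if not key.lower().endswith('\\run'):
            continue  # only autorun keys are examined
        reasons = []
        if key.lower().endswith('\\policies\\explorer\\run'):
            reasons.append('policy Run key')       # heuristic assumed by this example
        if GUID_RE.match(name):
            reasons.append('GUID value name')      # heuristic assumed by this example
        if not ABS_PATH_RE.match(data):
            reasons.append('no absolute path')     # bare file name, resolved by search order
        if reasons:
            findings.append((key.split('\\')[0], name, reasons))
    return findings

if __name__ == '__main__':
    for hive, name, reasons in review(SAMPLE):
        print(hive, name, ', '.join(reasons))
```

A flag is only a prompt for manual review; entries from legitimate software can trip the same heuristics.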

#15 squeeks01

Posted 25 July 2006 - 09:26 PM

here you go

Pocket Killbox version 2.0.0.648
Running on Windows XP as Rachel(Administrator)
was started @ Tuesday, July 25, 2006, 10:06 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\dwyfsjlt.exe


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\iiffe.dll


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\wnstssv.exe


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 10:08:46 PM
Killbox Closed(Exit) @ 10:08:49 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Rachel(Administrator)
was started @ Tuesday, July 25, 2006, 10:14 PM



and HJT log..

Logfile of HijackThis v1.99.1
Scan saved at 10:24:57 PM, on 25/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: userinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



I deleted those folders except for C:\Program Files\Common Files\?dobe... because the only folder there is my ADOBE one for my Adobe Reader and such. Would that not interfere with it?



