
Winantivirus?


  • This topic is locked
16 replies to this topic

#1 Wallskm

Posted 30 November 2006 - 09:38 PM

So I've been trying to get rid of my spyware/web hijackers. At this point I'm not sure what I have on my computer anymore. I was dealing with WinAntivirus earlier today but am unsure what exactly is on my PC now. Currently, OuterInfo seems to be the issue. I have run Ad-Aware and Spybot S&D to remove all that I could. Any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 8:31:57 PM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\UltraMon\UltraMon.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\Common Files\{F041BA06-0C80-1033-0224-061221050001}\Update.exe
D:\Program Files\AIM6\aim6.exe
D:\WINDOWS\system32\RACLE~1\smss.exe
D:\WINDOWS\system32\?ymantec\??plorer.exe
D:\Program Files\AIM6\aolsoftware.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\explorer.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
D:\PROGRA~1\COMMON~1\iofr\iofrm.exe
D:\PROGRA~1\COMMON~1\iofr\iofra.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R3 - URLSearchHook: (no name) - {8498BFE2-7302-5486-7636-5ED7390166B5} - D:\WINDOWS\system32\iceousrs.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UltraMon] "D:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe D:\WINDOWS\system32\drvvac.dll,startup
O4 - HKLM\..\Run: [buwiycm.dll] D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\buwiycm.dll,yuuwps
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Pctr] "D:\WINDOWS\system32\RACLE~1\smss.exe" -vt yazr
O4 - HKCU\..\Run: [Fyj] D:\WINDOWS\system32\?ymantec\??plorer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [iofr] D:\PROGRA~1\COMMON~1\iofr\iofrm.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164275862453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164590493921
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

Edited by Wallskm, 30 November 2006 - 10:14 PM.



#2 Wallskm

Posted 01 December 2006 - 11:31 AM

Continuing to try and free myself of spyware, I ran VundoFix and SmitFraudFix, with the following logs:


VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 9:43:02 AM 12/1/2006

Listing files found while scanning....

D:\WINDOWS\system32\buwiycm.dll
D:\WINDOWS\system32\winemx32.dll
D:\WINDOWS\system32\geeby.dll
D:\WINDOWS\system32\ybeeg.ini
D:\WINDOWS\system32\ybeeg.bak1

Beginning removal...

Attempting to delete D:\WINDOWS\system32\buwiycm.dll
D:\WINDOWS\system32\buwiycm.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\winemx32.dll
D:\WINDOWS\system32\winemx32.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\geeby.dll
D:\WINDOWS\system32\geeby.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\ybeeg.ini
D:\WINDOWS\system32\ybeeg.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\ybeeg.bak1
D:\WINDOWS\system32\ybeeg.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 10:08:29 AM 12/1/2006

Listing files found while scanning....

D:\WINDOWS\system32\mljji.dll
D:\WINDOWS\system32\ijjlm.ini
D:\WINDOWS\system32\ijjlm.bak1

Beginning removal...

Attempting to delete D:\WINDOWS\system32\mljji.dll
D:\WINDOWS\system32\mljji.dll Could not be deleted.

Attempting to delete D:\WINDOWS\system32\ijjlm.ini
D:\WINDOWS\system32\ijjlm.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\ijjlm.bak1
D:\WINDOWS\system32\ijjlm.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\WINDOWS\system32\mljji.dll
D:\WINDOWS\system32\mljji.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\ijjlm.ini
D:\WINDOWS\system32\ijjlm.ini Has been deleted!

Performing Repairs to the registry.
Done!


and:

SmitFraudFix v2.126

Scan done at 10:06:30.29, Fri 12/01/2006
Run from D:\Documents and Settings\Kevin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#3 jamielaw

Posted 01 December 2006 - 01:11 PM

Hey Wallskm

Please avoid using any tools like the ones you used unless asked to do so by a HijackThis Helper.

Rename Hijackthis:

1. Locate the program Hijackthis.
2. Select the file, right-click and select Rename.
3. Please change the name to: jamielaw
4. Then please could you post a new Hijackthis log.

#4 Wallskm

Posted 01 December 2006 - 06:04 PM

Sorry about that. Here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 4:58:54 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\UltraMon\UltraMon.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\Common Files\{F041BA06-0C85-1033-0224-061221050001}\Update.exe
D:\Program Files\AIM6\aim6.exe
D:\WINDOWS\system32\RACLE~1\smss.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
D:\WINDOWS\system32\?ymantec\??plorer.exe
D:\Program Files\AIM6\aolsoftware.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\ipwins\ipwins.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\HijackThis\jamielaw.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R3 - URLSearchHook: (no name) - {8498BFE2-7302-5486-7636-5ED7390166B5} - D:\WINDOWS\system32\iceousrs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AD4EF1C-FDF4-BB6D-AB3F-02B77CCE714D} - D:\WINDOWS\system32\njiqmim.dll
O2 - BHO: (no name) - {1CFE217E-9698-4A26-8C20-9EE0DB7431C8} - D:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: (no name) - {32B9E480-B96C-A128-7D32-0BE9D81C8579} - D:\WINDOWS\system32\djmzarh.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\ephyptva.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - D:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8498BFE2-7302-5486-7636-5ED7390166B5} - D:\WINDOWS\system32\iceousrs.dll
O2 - BHO: (no name) - {8DB193AD-06F7-42CB-90CE-F4CC337E28A7} - D:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: (no name) - {C521EBB6-CC94-4688-B1E2-E19E00571CB3} - (no file)
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UltraMon] "D:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [buwiycm.dll] D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\buwiycm.dll,yuuwps
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Pctr] "D:\WINDOWS\system32\RACLE~1\smss.exe" -vt yazr
O4 - HKCU\..\Run: [Fyj] D:\WINDOWS\system32\?ymantec\??plorer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [iofr] D:\PROGRA~1\COMMON~1\iofr\iofrm.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164275862453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164590493921
O20 - Winlogon Notify: geeby - D:\WINDOWS\
O20 - Winlogon Notify: tuvwxxu - D:\WINDOWS\
O20 - Winlogon Notify: winemx32 - D:\WINDOWS\
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
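
Added example (not from this thread, and not part of HijackThis): a Python script that applies the triage a helper does by eye to log lines of the kind posted above. It parses the O2, O4, O20, O23 and R3 lines, pulls out the binary each entry actually loads (the DLL argument of rundll32.exe rather than rundll32.exe itself), and scores it on indicators that are visible in the two logs in this thread: a registration whose file is gone, a path HijackThis printed with "?" placeholders because it could not render the characters, an 8.3 short-name folder directly under system32, a core system binary name (smss.exe, explorer.exe, ...) outside its real directory, and a Winlogon Notify entry with no resolvable DLL. The indicator names, the weights, and the sample lines (modelled on entries from the logs above) are my own construction.

```python
"""Triage of HijackThis v1.99 log lines. Added example, not part of the
thread or of HijackThis. Indicator names and weights are my own choice."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# A drive-rooted path ending in a loadable extension. "." also matches the
# "?" placeholders HijackThis prints for characters it cannot render.
_PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|cpl|scr)\b", re.IGNORECASE)
_SECTION_RE = re.compile(r"^([A-Z]\d{1,2}) - ")
# An 8.3 short-name folder (e.g. RACLE~1) directly under system32.
_SHORTNAME_IN_SYS32_RE = re.compile(r"\\system32\\[^\\]*~\d+\\", re.IGNORECASE)

# Where the genuine copies of these core binaries live on Windows XP
# (drive letter ignored); a same-named file anywhere else is a decoy.
_CORE_BINARY_DIRS = {
    "smss.exe": "\\windows\\system32\\",
    "winlogon.exe": "\\windows\\system32\\",
    "services.exe": "\\windows\\system32\\",
    "lsass.exe": "\\windows\\system32\\",
    "svchost.exe": "\\windows\\system32\\",
    "explorer.exe": "\\windows\\",
}

_WEIGHTS = {
    "orphan": 2,                    # "(file missing)" / "(no file)"
    "unnamed": 1,                   # "(no name)" BHO or search hook; weak alone
    "unrenderable_chars": 3,        # "?" in the path
    "shortname_under_system32": 3,  # system32\XXXX~1\ subfolder
    "core_name_wrong_dir": 4,       # e.g. smss.exe outside system32
    "notify_dll_unresolved": 3,     # Winlogon Notify with no DLL path
}


@dataclass
class Entry:
    section: str
    line: str
    path: Optional[str]
    flags: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(_WEIGHTS[f] for f in self.flags)


def _extract_path(text: str) -> Optional[str]:
    # The last drive-rooted binary on the line is the one actually loaded.
    matches = _PATH_RE.findall(text)
    return matches[-1] if matches else None


def parse_line(line: str) -> Optional[Entry]:
    m = _SECTION_RE.match(line)
    if not m or m.group(1) not in {"O2", "O4", "O20", "O23", "R3"}:
        return None
    entry = Entry(m.group(1), line, _extract_path(line))
    if "(file missing)" in line or "(no file)" in line:
        entry.flags.append("orphan")
    if entry.section in {"O2", "R3"} and "(no name)" in line:
        entry.flags.append("unnamed")
    if entry.section == "O20" and entry.path is None:
        entry.flags.append("notify_dll_unresolved")
    if entry.path:
        low = entry.path.lower()
        if "?" in low:
            entry.flags.append("unrenderable_chars")
        if _SHORTNAME_IN_SYS32_RE.search(low):
            entry.flags.append("shortname_under_system32")
        base = low.rsplit("\\", 1)[-1]
        expected = _CORE_BINARY_DIRS.get(base)
        if expected and not low.endswith(expected + base):
            entry.flags.append("core_name_wrong_dir")
    return entry


def triage(log_text: str, min_score: int = 2) -> List[Entry]:
    """Entries scoring at least min_score, highest first (stable for ties)."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return sorted((e for e in entries if e.score >= min_score),
                  key=lambda e: e.score, reverse=True)


# Constructed sample, modelled on entries from the logs in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {1CFE217E-9698-4A26-8C20-9EE0DB7431C8} - D:\WINDOWS\system32\geeby.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [buwiycm.dll] D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\buwiycm.dll,yuuwps
O4 - HKCU\..\Run: [Pctr] "D:\WINDOWS\system32\RACLE~1\smss.exe" -vt yazr
O4 - HKCU\..\Run: [Fyj] D:\WINDOWS\system32\?ymantec\??plorer.exe
O20 - Winlogon Notify: tuvwxxu - D:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.score:2d}  {e.section:<3} {e.path or '-'}  [{', '.join(e.flags)}]")
```

Run as-is it ranks the sample: the RACLE~1\smss.exe entry on top, then the orphaned geeby.dll BHO, the ??plorer.exe path and the unresolved Winlogon Notify entry, while Spybot's legitimately unnamed SDHelper.dll falls below the threshold. Note that the rundll32 entry for buwiycm.dll scores zero: nothing about the line itself looks wrong, only the file was (VundoFix had already deleted it by the time of the second log, but the Run value stayed behind). Path heuristics like these are a first pass; file-level checks, such as the VirusTotal submission requested in the next post, or a scanner that knows the family, still decide.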

#5 jamielaw

Posted 02 December 2006 - 07:11 AM

Hey Wallskm

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. Whilst completing the fix, please use the Internet as little as possible. Do not install any programs whilst we fix your computer; even the smallest of programs can wreak havoc.

Firewall:

Please download one of these free firewalls and install it, either ZoneAlarm or OutPost

Antivirus:

Please download one of these free antiviruses and install it, either AVG or Avast

Update Java:

Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses, so I strongly recommend you update. Click here to download the latest version of Java (Java Runtime Environment (JRE) 5.0 Update 10). Please install it and then reboot your computer.

Remove the older versions of Java:
  • Click Start, Control Panel, Add/Remove Programs.
  • Delete all Java updates except J2SE Runtime Environment 5.0 Update 10

VirusTotal:

1. Go to this website: www.virustotal.com
2. Upload this file by copy/pasting it in to the file box: D:\WINDOWS\system32\RACLE~1\smss.exe
3. Submit the file and copy/paste the results back into this thread.

ComboFix:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running! That may cause it to stall.


Please can you include the following logs in your next reply - they may need separate posts to stop them getting cut off:

ComboFix log
VirusTotal results
A new Hijackthis log


#6 Wallskm

Posted 02 December 2006 - 02:53 PM

Thanks for the reply.
Combofix log:

Kevin - 06-12-02 13:44:44.48 Service Pack 2
ComboFix 06.11.27W - Running from: "D:\Documents and Settings\Kevin\My Documents\Downloads"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\Program Files\Common Files\Yazzle1122OinAdmin.exe
D:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
D:\Program Files\Inetget2
D:\Program Files\Ipwins
D:\WINDOWS\system32\components
D:\Program Files\Common Files\{3041BA06-0C80-1033-0224-061221050001}
D:\Program Files\Common Files\{F041BA06-0C80-1033-0224-061221050001}
D:\Program Files\Common Files\{F041BA06-0C85-1033-0224-061221050001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

D:\QooBox\Purity\Program Files\RACLE~1
D:\QooBox\Purity\WINDOWS\system32\RACLE~1
D:\QooBox\Purity\WINDOWS\system32\YMANTE~1
D:\QooBox\Purity\WINDOWS\system32\RACLE~1\RACLE~1
D:\QooBox\Purity\WINDOWS\system32\RACLE~1\smss.exe
D:\QooBox\Purity\WINDOWS\system32\YMANTE~1\??plorer.exe


((((((((((((((((((((((((((((((( Files Created from 2006-11-02 to 2006-12-02 ))))))))))))))))))))))))))))))))))


2006-12-02 13:37 <DIR> dr-h----- D:\$VAULT$.AVG
2006-12-02 13:14 <DIR> d-------- D:\WINDOWS\system32\appmgmt
2006-12-02 13:06 <DIR> d-------- D:\Documents and Settings\Kevin\Application Data\AVG7
2006-12-02 13:04 816,672 --a------ D:\WINDOWS\system32\drivers\avg7core.sys
2006-12-02 13:04 4,960 --a------ D:\WINDOWS\system32\drivers\avgtdi.sys
2006-12-02 13:04 4,224 --a------ D:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-02 13:04 3,968 --a------ D:\WINDOWS\system32\drivers\avgclean.sys
2006-12-02 13:04 28,416 --a------ D:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-02 13:04 18,240 --a------ D:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-02 13:04 <DIR> d-------- D:\Program Files\Grisoft
2006-12-02 13:04 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2006-12-02 13:04 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2006-12-02 13:01 <DIR> d-------- D:\WINDOWS\system32\ZoneLabs
2006-12-02 13:01 <DIR> d-------- D:\Program Files\Zone Labs
2006-12-02 13:00 <DIR> d-------- D:\WINDOWS\Internet Logs
2006-12-01 09:54 88,340 --a------ D:\WINDOWS\system32\oulvofsw.exe
2006-12-01 09:43 <DIR> d-------- D:\VundoFix Backups
2006-11-30 22:21 <DIR> d--hs---- D:\WINDOWS\V2FsbHM
2006-11-30 20:29 <DIR> d-------- D:\Program Files\HijackThis
2006-11-30 20:09 <DIR> d-------- D:\Program Files\Common Files\iofr
2006-11-30 19:56 <DIR> d-------- D:\Documents and Settings\Kevin\.housecall6.6
2006-11-30 19:55 <DIR> d-------- D:\Documents and Settings\Kevin\Application Data\Sun
2006-11-30 19:50 71,680 --a------ D:\WINDOWS\system32\njiqmim.dll
2006-11-30 19:49 72,704 --a------ D:\WINDOWS\system32\drvvac.dll
2006-11-30 19:49 40,973 ---hs---- D:\WINDOWS\system32\tuvwxxu.dll
2006-11-30 17:48 88,340 --a------ D:\WINDOWS\system32\priuqcds.exe
2006-11-30 17:48 42,516 --a------ D:\WINDOWS\system32\ephyptva.dll
2006-11-30 17:48 <DIR> d-------- D:\Program Files\VSAdd-in
2006-11-30 17:43 93,696 --a------ D:\WINDOWS\system32\dvgtnbm.dll
2006-11-30 17:43 72,704 --a------ D:\WINDOWS\system32\drvsad.dll
2006-11-30 17:43 71,680 --a------ D:\WINDOWS\system32\djmzarh.dll
2006-11-30 17:43 40,973 ---hs---- D:\WINDOWS\system32\ddccbbc.dll
2006-11-29 20:15 58,880 --a------ D:\WINDOWS\system32\iceousrs.dll
2006-11-29 20:15 <DIR> d-------- D:\WINDOWS\system32\çasks
2006-11-28 19:24 <DIR> d-------- D:\Program Files\Spybot - Search & Destroy
2006-11-28 19:24 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2006-11-28 19:19 <DIR> d-------- D:\Documents and Settings\Kevin\Application Data\Help
2006-11-28 19:17 <DIR> d-------- D:\Program Files\UnHackMe
2006-11-28 17:51 86,016 --a------ D:\WINDOWS\system32\OpenAL32.dll
2006-11-28 17:51 5,632 --a------ D:\WINDOWS\system32\drivers\Entech64.sys
2006-11-28 17:51 3,972 --a------ D:\WINDOWS\system32\drivers\PciBus.sys
2006-11-28 17:51 262,144 --a------ D:\WINDOWS\system32\wrap_oal.dll
2006-11-28 17:51 21,664 --a------ D:\WINDOWS\system32\drivers\Entech.sys
2006-11-28 12:44 <DIR> d-------- D:\Documents and Settings\Kevin\Application Data\Lavasoft
2006-11-28 12:43 <DIR> d-------- D:\Program Files\Lavasoft
2006-11-27 07:00 127,208 --a------ D:\WINDOWS\system32\mucltui.dll
2006-11-23 11:53 <DIR> d-------- D:\Program Files\EphPod
2006-11-23 11:47 26,496 --a------ D:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-11-23 11:29 69 --a-s---- D:\WINDOWS\test.bat
2006-11-23 11:29 2 --a------ D:\WINDOWS\system32\wintcc.exe
2006-11-23 11:13 <DIR> d-------- D:\Documents and Settings\Kevin\Application Data\Apple Computer
2006-11-23 11:11 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2006-11-23 04:25 <DIR> d-------- D:\Documents and Settings\Kevin\Application Data\acccore
2006-11-23 04:24 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2006-11-23 04:24 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2006-11-23 04:23 <DIR> d-------- D:\Program Files\AIM6
2006-11-23 04:21 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2006-11-23 04:02 22,752 --a------ D:\WINDOWS\system32\spupdsvc.exe
2006-11-23 03:58 <DIR> d-------- D:\WINDOWS\system32\SoftwareDistribution
2006-11-23 03:57 <DIR> d---s---- D:\Documents and Settings\Kevin\UserData
2006-11-23 03:51 996,872 --a------ D:\WINDOWS\system\CP3240MT.DLL
2006-11-23 03:51 458,752 --a------ D:\WINDOWS\system\COMCTL32.DLL
2006-11-23 03:51 29,952 --a------ D:\WINDOWS\system\BORLNDMM.DLL
2006-11-23 03:50 82,944 --a------ D:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-23 03:50 7,552 --a------ D:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-23 03:50 60,800 --a------ D:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-23 03:50 60,288 --a------ D:\WINDOWS\system32\drivers\drmk.sys
2006-11-23 03:50 6,400 --a------ D:\WINDOWS\system32\drivers\splitter.sys
2006-11-23 03:50 6,272 --a------ D:\WINDOWS\system32\drivers\ASLM75.SYS
2006-11-23 03:50 54,272 --a------ D:\WINDOWS\system32\drivers\swmidi.sys
2006-11-23 03:50 52,864 --a------ D:\WINDOWS\system32\drivers\DMusic.sys
2006-11-23 03:50 5,376 --a------ D:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-23 03:50 4,992 --a------ D:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-23 03:50 4,096 --a------ D:\WINDOWS\system32\ksuser.dll
2006-11-23 03:50 30,208 --a------ D:\WINDOWS\system32\wdmioctl.dll
2006-11-23 03:50 299,008 --a------ D:\WINDOWS\uninst.exe
2006-11-23 03:50 2,944 --a------ D:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-23 03:50 172,416 --a------ D:\WINDOWS\system32\drivers\kmixer.sys
2006-11-23 03:50 145,792 --a------ D:\WINDOWS\system32\drivers\portcls.sys
2006-11-23 03:50 142,464 --a------ D:\WINDOWS\system32\drivers\aec.sys
2006-11-23 03:50 <DIR> d-------- D:\Documents and Settings\Kevin\WINDOWS
2006-11-23 03:49 991,232 --a------ D:\WINDOWS\system32\virtear.dll
2006-11-23 03:49 978,944 --a------ D:\WINDOWS\SynthCoreA.Dll
2006-11-23 03:49 765,952 --a------ D:\WINDOWS\system\crlds3d.dll
2006-11-23 03:49 720,896 --a------ D:\WINDOWS\system32\Audio3d.dll
2006-11-23 03:49 5,824 --a------ D:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-11-23 03:49 49,152 --a------ D:\WINDOWS\system32\S11thk32.dll
2006-11-23 03:49 49,152 --a------ D:\WINDOWS\system32\DSndUp.exe
2006-11-23 03:49 45,056 --a------ D:\WINDOWS\system32\SynthCore11Resources.dll
2006-11-23 03:49 45,056 --a------ D:\WINDOWS\system32\CleanUp.exe
2006-11-23 03:49 44 --a------ D:\WINDOWS\system32\msssc.dll
2006-11-23 03:49 40,820 --a------ D:\WINDOWS\system32\Syncor11.dll
2006-11-23 03:49 380,928 --a------ D:\WINDOWS\SynCor.exe
2006-11-23 03:49 1,285,632 --a------ D:\WINDOWS\system32\SMMedia.dll
2006-11-23 03:43 68,888 --a------ D:\WINDOWS\system32\xinput1_3.dll
2006-11-23 03:43 62,744 --a------ D:\WINDOWS\system32\xinput1_2.dll
2006-11-23 03:43 237,848 --a------ D:\WINDOWS\system32\xactengine2_4.dll
2006-11-23 03:43 236,824 --a------ D:\WINDOWS\system32\xactengine2_3.dll
2006-11-23 03:43 2,414,360 --a------ D:\WINDOWS\system32\d3dx9_31.dll
2006-11-23 03:43 2,297,552 --a------ D:\WINDOWS\system32\d3dx9_26.dll
2006-11-23 03:43 15,128 --a------ D:\WINDOWS\system32\x3daudio1_1.dll
2006-11-23 03:42 <DIR> d-------- D:\Documents and Settings\Kevin\Application Data\Macromedia
2006-11-23 03:42 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2006-11-23 03:30 <DIR> d-------- D:\Documents and Settings\Kevin\Application Data\Realtime Soft
2006-11-23 03:30 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Realtime Soft
2006-11-23 03:30 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2006-11-23 03:27 <DIR> d-------- D:\Documents and Settings\Kevin\Application Data\Talkback
2006-11-23 03:26 <DIR> d-------- D:\Documents and Settings\Kevin\Application Data\Mozilla
2006-11-23 03:23 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\nView_Profiles
2006-11-23 03:16 151,552 --a------ D:\WINDOWS\system32\DVZAddin.dll
2006-11-23 03:16 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\DataViz
2006-11-23 03:15 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\HotSync
2006-11-23 03:14 <DIR> d-------- D:\Documents and Settings\Kevin\Application Data\HotSync
2006-11-23 03:13 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2006-11-23 03:11 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2006-11-23 03:10 1,994,752 --------- D:\WINDOWS\UNNMP.exe
2006-11-23 03:08 155,648 --a------ D:\WINDOWS\system32\NeroCheck.exe
2006-11-23 03:07 569,344 --a------ D:\WINDOWS\system32\imagr5.dll
2006-11-23 03:07 544,768 --a------ D:\WINDOWS\system32\imagx5.dll
2006-11-23 03:07 38,912 --a------ D:\WINDOWS\system32\picn20.dll
2006-11-23 03:07 24,064 --a------ D:\WINDOWS\system32\msxml3a.dll
2006-11-23 03:07 106,496 --a------ D:\WINDOWS\system32\TwnLib20.dll
2006-11-23 03:07 1,994,752 --------- D:\WINDOWS\UNNeroVision.exe
2006-11-23 03:07 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2006-11-23 03:06 283,920 --a------ D:\WINDOWS\system32\ImagXpr5.dll
2006-11-23 02:55 208,896 --a------ D:\WINDOWS\system32\NVUNINST.EXE
2006-11-23 02:55 208,896 --a------ D:\WINDOWS\system32\nvudisp.exe
2006-11-23 02:48 <DIR> dr-h----- D:\Documents and Settings\Kevin\SendTo
2006-11-23 02:48 <DIR> dr-h----- D:\Documents and Settings\Kevin\Recent
2006-11-23 02:48 <DIR> dr-h----- D:\Documents and Settings\Kevin\Application Data\.
2006-11-23 02:48 <DIR> dr-h----- D:\Documents and Settings\Kevin\Application Data
2006-11-23 02:48 <DIR> dr------- D:\Documents and Settings\Kevin\Start Menu
2006-11-23 02:48 <DIR> dr------- D:\Documents and Settings\Kevin\My Documents
2006-11-23 02:48 <DIR> dr------- D:\Documents and Settings\Kevin\Favorites
2006-11-23 02:48 <DIR> d--h----- D:\Documents and Settings\Kevin\Templates
2006-11-23 02:48 <DIR> d--h----- D:\Documents and Settings\Kevin\PrintHood
2006-11-23 02:48 <DIR> d--h----- D:\Documents and Settings\Kevin\NetHood
2006-11-23 02:48 <DIR> d--h----- D:\Documents and Settings\Kevin\Local Settings
2006-11-23 02:48 <DIR> d---s---- D:\Documents and Settings\Kevin\Cookies
2006-11-23 02:48 <DIR> d---s---- D:\Documents and Settings\Kevin\Application Data\Microsoft
2006-11-23 02:48 <DIR> d-------- D:\Documents and Settings\Kevin\Desktop
2006-11-23 02:48 <DIR> d-------- D:\Documents and Settings\Kevin\Application Data\Identities
2006-11-23 02:48 <DIR> d-------- D:\Documents and Settings\Kevin\Application Data\..
2006-11-23 02:48 <DIR> d-------- D:\Documents and Settings\Kevin\..
2006-11-23 02:48 <DIR> d-------- D:\Documents and Settings\Kevin\.
2006-11-23 02:42 112,128 --a------ D:\WINDOWS\system32\mapi32.dll
2006-11-23 02:41 <DIR> d--hs---- D:\Documents and Settings\All Users.WINDOWS\DRM
2006-11-23 02:40 81,920 --a------ D:\WINDOWS\system32\isign32.dll
2006-11-23 02:40 81,920 --a------ D:\WINDOWS\system32\ils.dll
2006-11-23 02:40 8,192 --a------ D:\WINDOWS\system32\bitsprx2.dll
2006-11-23 02:40 73,728 --a------ D:\WINDOWS\system32\icwdial.dll
2006-11-23 02:40 73,472 --a------ D:\WINDOWS\system32\drivers\sr.sys
2006-11-23 02:40 7,168 --a------ D:\WINDOWS\system32\bitsprx3.dll
2006-11-23 02:40 69,632 --a------ D:\WINDOWS\system32\msconf.dll
2006-11-23 02:40 679,424 --a------ D:\WINDOWS\system32\inetcomm.dll
2006-11-23 02:40 67,584 --a------ D:\WINDOWS\system32\srclient.dll
2006-11-23 02:40 65,536 --a------ D:\WINDOWS\system32\icwphbk.dll
2006-11-23 02:40 64,512 --a------ D:\WINDOWS\system32\acctres.dll
2006-11-23 02:40 6,656 --a------ D:\WINDOWS\system32\wuauserv.dll
2006-11-23 02:40 48,128 --a------ D:\WINDOWS\system32\inetres.dll
2006-11-23 02:40 465,176 --a------ D:\WINDOWS\system32\wuapi.dll
2006-11-23 02:40 45,568 --a------ D:\WINDOWS\system32\safrslv.dll
2006-11-23 02:40 43,520 --a------ D:\WINDOWS\system32\safrcdlg.dll
2006-11-23 02:40 43,520 --a------ D:\WINDOWS\system32\racpldlg.dll
2006-11-23 02:40 41,240 --a------ D:\WINDOWS\system32\wups.dll
2006-11-23 02:40 382,464 --a------ D:\WINDOWS\system32\qmgr.dll
2006-11-23 02:40 34,560 --a------ D:\WINDOWS\system32\mnmdd.dll
2006-11-23 02:40 32,768 --a------ D:\WINDOWS\system32\mnmsrvc.exe
2006-11-23 02:40 32,768 --a------ D:\WINDOWS\system32\isrdbg32.dll
2006-11-23 02:40 29,696 --a------ D:\WINDOWS\system32\safrdm.dll
2006-11-23 02:40 28,672 --a------ D:\WINDOWS\system32\nmmkcert.dll
2006-11-23 02:40 274,944 --a------ D:\WINDOWS\system32\mstask.dll
2006-11-23 02:40 274,432 --a------ D:\WINDOWS\system32\inetcfg.dll
2006-11-23 02:40 252,928 --a------ D:\WINDOWS\system32\msoeacct.dll
2006-11-23 02:40 239,104 --a------ D:\WINDOWS\system32\srrstr.dll
2006-11-23 02:40 23,040 --a------ D:\WINDOWS\system32\fltmc.exe
2006-11-23 02:40 194,328 --a------ D:\WINDOWS\system32\wuaueng1.dll
2006-11-23 02:40 190,976 --a------ D:\WINDOWS\system32\schedsvc.dll
2006-11-23 02:40 18,944 --a------ D:\WINDOWS\system32\qmgrprxy.dll
2006-11-23 02:40 173,536 --a------ D:\WINDOWS\system32\wuweb.dll
2006-11-23 02:40 172,312 --a------ D:\WINDOWS\system32\wuauclt1.exe
2006-11-23 02:40 170,496 --a------ D:\WINDOWS\system32\srsvc.dll
2006-11-23 02:40 16,896 --a------ D:\WINDOWS\system32\fltlib.dll
2006-11-23 02:40 16,384 --a------ D:\WINDOWS\system32\icfgnt5.dll
2006-11-23 02:40 128,896 --a------ D:\WINDOWS\system32\drivers\fltmgr.sys
2006-11-23 02:40 127,256 --a------ D:\WINDOWS\system32\wucltui.dll
2006-11-23 02:40 124,184 --a------ D:\WINDOWS\system32\wuauclt.exe
2006-11-23 02:40 12,288 --a------ D:\WINDOWS\system32\nmevtmsg.dll
2006-11-23 02:40 12,288 --a------ D:\WINDOWS\system32\mstinit.exe
2006-11-23 02:40 11,264 --a------ D:\WINDOWS\system32\atrace.dll
2006-11-23 02:40 105,984 --a------ D:\WINDOWS\system32\msoert2.dll
2006-11-23 02:40 1,343,768 --a------ D:\WINDOWS\system32\wuaueng.dll
2006-11-23 02:38 97,792 --a------ D:\WINDOWS\system32\comrepl.dll
2006-11-23 02:38 956,416 --a------ D:\WINDOWS\system32\msdtctm.dll
2006-11-23 02:38 93,696 --a------ D:\WINDOWS\system32\tscfgwmi.dll
2006-11-23 02:38 91,136 --a------ D:\WINDOWS\system32\mtxoci.dll
2006-11-23 02:38 9,728 --a------ D:\WINDOWS\system32\reset.exe
2006-11-23 02:38 87,176 --a------ D:\WINDOWS\system32\rdpwsx.dll
2006-11-23 02:38 85,504 --a------ D:\WINDOWS\system32\catsrvps.dll
2006-11-23 02:38 80,384 --a------ D:\WINDOWS\system32\charmap.exe
2006-11-23 02:38 73,216 --a------ D:\WINDOWS\system32\avwav.dll
2006-11-23 02:38 67,072 --a------ D:\WINDOWS\system32\rdshost.exe
2006-11-23 02:38 655,360 --a------ D:\WINDOWS\system32\mstscax.dll
2006-11-23 02:38 625,152 --a------ D:\WINDOWS\system32\catsrvut.dll
2006-11-23 02:38 62,464 --a------ D:\WINDOWS\system32\rdpclip.exe
2006-11-23 02:38 605,696 --a------ D:\WINDOWS\system32\getuname.dll
2006-11-23 02:38 60,416 --a------ D:\WINDOWS\system32\remotepg.dll
2006-11-23 02:38 60,416 --a------ D:\WINDOWS\system32\colbact.dll
2006-11-23 02:38 6,144 --a------ D:\WINDOWS\system32\msdtc.exe
2006-11-23 02:38 58,880 --a------ D:\WINDOWS\system32\msdtclog.dll
2006-11-23 02:38 58,880 --a------ D:\WINDOWS\system32\licwmi.dll
2006-11-23 02:38 56,832 --a------ D:\WINDOWS\system32\sol.exe
2006-11-23 02:38 56,320 --a------ D:\WINDOWS\system32\servdeps.dll
2006-11-23 02:38 55,296 --a------ D:\WINDOWS\system32\freecell.exe
2006-11-23 02:38 540,160 --a------ D:\WINDOWS\system32\comuid.dll
2006-11-23 02:38 54,272 --a------ D:\WINDOWS\system32\stclient.dll
2006-11-23 02:38 538,624 --a------ D:\WINDOWS\system32\spider.exe
2006-11-23 02:38 5,632 --a------ D:\WINDOWS\system32\write.exe
2006-11-23 02:38 5,120 --a------ D:\WINDOWS\system32\dcomcnfg.exe
2006-11-23 02:38 498,688 --a------ D:\WINDOWS\system32\clbcatq.dll
2006-11-23 02:38 44,544 --a------ D:\WINDOWS\system32\tscupgrd.exe
2006-11-23 02:38 44,544 --a------ D:\WINDOWS\system32\hticons.dll
2006-11-23 02:38 426,496 --a------ D:\WINDOWS\system32\msdtcprx.dll
2006-11-23 02:38 407,552 --a------ D:\WINDOWS\system32\mstsc.exe
2006-11-23 02:38 40,840 --a------ D:\WINDOWS\system32\drivers\termdd.sys
2006-11-23 02:38 4,096 --a------ D:\WINDOWS\system32\rdpcfgex.dll
2006-11-23 02:38 4,096 --a------ D:\WINDOWS\system32\mtxex.dll
2006-11-23 02:38 38,912 --a------ D:\WINDOWS\system32\cfgbkend.dll
2006-11-23 02:38 35,328 --a------ D:\WINDOWS\system32\winchat.exe
2006-11-23 02:38 347,136 --a------ D:\WINDOWS\system32\hypertrm.dll
2006-11-23 02:38 343,040 --a------ D:\WINDOWS\system32\mspaint.exe
2006-11-23 02:38 33,792 --a------ D:\WINDOWS\system32\regini.exe
2006-11-23 02:38 295,424 --a------ D:\WINDOWS\system32\termsrv.dll
2006-11-23 02:38 25,600 --a------ D:\WINDOWS\system32\comaddin.dll
2006-11-23 02:38 25,088 --a------ D:\WINDOWS\system32\mtxlegih.dll
2006-11-23 02:38 227,840 --a------ D:\WINDOWS\system32\avtapi.dll
2006-11-23 02:38 225,792 --a------ D:\WINDOWS\system32\catsrv.dll
2006-11-23 02:38 22,016 --a------ D:\WINDOWS\system32\qwinsta.exe
2006-11-23 02:38 21,896 --a------ D:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-23 02:38 20,992 --a------ D:\WINDOWS\system32\msg.exe
2006-11-23 02:38 20,480 --a------ D:\WINDOWS\system32\qprocess.exe
2006-11-23 02:38 20,480 --a------ D:\WINDOWS\system32\mtxdm.dll
2006-11-23 02:38 196,864 --a------ D:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-23 02:38 19,968 --a------ D:\WINDOWS\system32\rdpsnd.dll
2006-11-23 02:38 185,344 --a------ D:\WINDOWS\system32\cmprops.dll
2006-11-23 02:38 183,808 --a------ D:\WINDOWS\system32\accwiz.exe
2006-11-23 02:38 17,408 --a------ D:\WINDOWS\system32\mmfutil.dll
2006-11-23 02:38 161,280 --a------ D:\WINDOWS\system32\msdtcuiu.dll
2006-11-23 02:38 16,896 --a------ D:\WINDOWS\system32\tsshutdn.exe
2006-11-23 02:38 16,896 --a------ D:\WINDOWS\system32\qappsrv.exe
2006-11-23 02:38 16,384 --a------ D:\WINDOWS\system32\tskill.exe
2006-11-23 02:38 16,384 --a------ D:\WINDOWS\system32\avmeter.dll
2006-11-23 02:38 15,872 --a------ D:\WINDOWS\system32\rwinsta.exe
2006-11-23 02:38 15,872 --a------ D:\WINDOWS\system32\cdmodem.dll
2006-11-23 02:38 15,360 --a------ D:\WINDOWS\system32\logoff.exe
2006-11-23 02:38 147,968 --a------ D:\WINDOWS\system32\rdchost.dll
2006-11-23 02:38 147,456 --a------ D:\WINDOWS\system32\comsnap.dll
2006-11-23 02:38 140,800 --a------ D:\WINDOWS\system32\sessmgr.exe
2006-11-23 02:38 14,848 --a------ D:\WINDOWS\system32\tsdiscon.exe
2006-11-23 02:38 14,848 --a------ D:\WINDOWS\system32\tscon.exe
2006-11-23 02:38 14,848 --a------ D:\WINDOWS\system32\shadow.exe
2006-11-23 02:38 139,528 --a------ D:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-23 02:38 138,752 --a------ D:\WINDOWS\system32\sndvol32.exe
2006-11-23 02:38 131,584 --a------ D:\WINDOWS\system32\sndrec32.exe
2006-11-23 02:38 13,824 --a------ D:\WINDOWS\system32\rdsaddin.exe
2006-11-23 02:38 126,976 --a------ D:\WINDOWS\system32\mshearts.exe
2006-11-23 02:38 123,392 --a------ D:\WINDOWS\system32\mplay32.exe
2006-11-23 02:38 12,040 --a------ D:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-23 02:38 119,808 --a------ D:\WINDOWS\system32\winmine.exe
2006-11-23 02:38 114,688 --a------ D:\WINDOWS\system32\calc.exe
2006-11-23 02:38 110,080 --a------ D:\WINDOWS\system32\clbcatex.dll
2006-11-23 02:38 11,776 --a------ D:\WINDOWS\system32\xolehlp.dll
2006-11-23 02:38 11,264 --a------ D:\WINDOWS\system32\icaapi.dll
2006-11-23 02:38 102,912 --a------ D:\WINDOWS\system32\clipbrd.exe
2006-11-23 02:38 1,267,200 --a------ D:\WINDOWS\system32\comsvcs.dll
2006-11-23 02:38 1,161 --a------ D:\WINDOWS\system32\usrlogon.cmd
2006-11-22 20:35 57,472 --a------ D:\WINDOWS\system32\drivers\redbook.sys
2006-11-22 20:35 3,072 --a------ D:\WINDOWS\system32\drivers\audstub.sys
2006-11-22 20:35 25,856 --a------ D:\WINDOWS\system32\drivers\usbprint.sys
2006-11-22 20:34 86,016 --a------ D:\WINDOWS\system32\mdmxsdk.dll
2006-11-22 20:34 74,240 --a------ D:\WINDOWS\system32\usbui.dll
2006-11-22 20:34 685,056 --a------ D:\WINDOWS\system32\drivers\HSFCXTS2.sys
2006-11-22 20:34 44,672 --a------ D:\WINDOWS\system32\drivers\UAGP35.SYS
2006-11-22 20:34 32,768 --a------ D:\WINDOWS\system32\drivers\sisnic.sys
2006-11-22 20:34 32,285 --a------ D:\WINDOWS\system32\HSFCISP2.dll
2006-11-22 20:34 220,032 --a------ D:\WINDOWS\system32\drivers\HSFBS2S2.sys
2006-11-22 20:34 11,868 --a------ D:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-11-22 20:34 1,041,536 --a------ D:\WINDOWS\system32\drivers\HSFDPSP2.sys
2006-11-22 20:32 8,192 -ra------ D:\WINDOWS\system32\kbdhept.dll
2006-11-22 20:32 7,168 -ra------ D:\WINDOWS\system32\kbdcz.dll
2006-11-22 20:32 6,656 -ra------ D:\WINDOWS\system32\kbdycl.dll
2006-11-22 20:32 6,656 -ra------ D:\WINDOWS\system32\kbdsl1.dll
2006-11-22 20:32 6,656 -ra------ D:\WINDOWS\system32\kbdsl.dll
2006-11-22 20:32 6,656 -ra------ D:\WINDOWS\system32\kbdpl.dll
2006-11-22 20:32 6,656 -ra------ D:\WINDOWS\system32\kbdhu.dll
2006-11-22 20:32 6,656 -ra------ D:\WINDOWS\system32\kbdhela3.dll
2006-11-22 20:32 6,656 -ra------ D:\WINDOWS\system32\kbdcz2.dll
2006-11-22 20:32 6,656 -ra------ D:\WINDOWS\system32\kbdcz1.dll
2006-11-22 20:32 6,656 -ra------ D:\WINDOWS\system32\kbdcr.dll
2006-11-22 20:32 6,656 -ra------ D:\WINDOWS\system32\KBDAL.DLL
2006-11-22 20:32 6,144 -ra------ D:\WINDOWS\system32\kbdtuq.dll
2006-11-22 20:32 6,144 -ra------ D:\WINDOWS\system32\kbdtuf.dll
2006-11-22 20:32 6,144 -ra------ D:\WINDOWS\system32\kbdlv1.dll
2006-11-22 20:32 6,144 -ra------ D:\WINDOWS\system32\kbdlv.dll
2006-11-22 20:32 6,144 -ra------ D:\WINDOWS\system32\kbdhela2.dll
2006-11-22 20:32 6,144 -ra------ D:\WINDOWS\system32\kbdgkl.dll
2006-11-22 20:32 6,144 -ra------ D:\WINDOWS\system32\kbdest.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdycc.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbduzb.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdur.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdtat.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdru1.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdru.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdro.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdpl1.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdmon.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdlt1.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdlt.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdkyr.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdkaz.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdhu1.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdhe319.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdhe220.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdhe.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdbu.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdblr.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdazel.dll
2006-11-22 20:32 5,632 -ra------ D:\WINDOWS\system32\kbdaze.dll
2006-11-22 20:31 9,936 --a------ D:\WINDOWS\system\LZEXPAND.DLL
2006-11-22 20:31 9,008 --a------ D:\WINDOWS\system\VER.DLL
2006-11-22 20:31 85,020 --a------ D:\WINDOWS\system32\dgsetup.dll
2006-11-22 20:31 82,944 --a------ D:\WINDOWS\system\OLECLI.DLL
2006-11-22 20:31 8,704 --a------ D:\WINDOWS\system32\batt.dll
2006-11-22 20:31 74,752 --a------ D:\WINDOWS\system32\storprop.dll
2006-11-22 20:31 69,584 --a------ D:\WINDOWS\system\AVICAP.DLL
2006-11-22 20:31 69,120 --a------ D:\WINDOWS\NOTEPAD.EXE
2006-11-22 20:31 68,768 --a------ D:\WINDOWS\system\MMSYSTEM.DLL
2006-11-22 20:31 5,120 --a------ D:\WINDOWS\system\SHELL.DLL
2006-11-22 20:31 32,816 --a------ D:\WINDOWS\system\COMMDLG.DLL
2006-11-22 20:31 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
2006-11-22 20:31 24,064 --a------ D:\WINDOWS\system\OLESVR.DLL
2006-11-22 20:31 19,200 --a------ D:\WINDOWS\system\TAPI.DLL
2006-11-22 20:31 176,157 --a------ D:\WINDOWS\system32\dgrpsetu.dll
2006-11-22 20:31 15,360 --a------ D:\WINDOWS\TASKMAN.EXE
2006-11-22 20:31 13,312 --a------ D:\WINDOWS\system32\irclass.dll
2006-11-22 20:31 126,912 --a------ D:\WINDOWS\system\MSVIDEO.DLL
2006-11-22 20:31 11,264 --a------ D:\WINDOWS\system32\drivers\irenum.sys
2006-11-22 20:31 109,456 --a------ D:\WINDOWS\system\AVIFILE.DLL
2006-11-22 20:31 103,424 --a------ D:\WINDOWS\system32\EqnClass.Dll
2006-11-22 20:31 <DIR> dr-h----- D:\Documents and Settings\All Users.WINDOWS\Application Data\.
2006-11-22 20:31 <DIR> dr-h----- D:\Documents and Settings\All Users.WINDOWS\Application Data
2006-11-22 20:31 <DIR> dr------- D:\Documents and Settings\All Users.WINDOWS\Start Menu
2006-11-22 20:31 <DIR> dr------- D:\Documents and Settings\All Users.WINDOWS\Documents
2006-11-22 20:31 <DIR> d--h----- D:\Documents and Settings\All Users.WINDOWS\Templates
2006-11-22 20:31 <DIR> d---s---- D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2006-11-22 20:31 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Favorites
2006-11-22 20:31 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Desktop
2006-11-22 20:31 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\..
2006-11-22 20:30 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\..
2006-11-22 20:30 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\.
2006-11-22 18:29 <DIR> d--hs---- D:\$RECYCLE.BIN
2006-11-22 17:39 <DIR> d-------- D:\Unzipped
2006-11-22 17:35 <DIR> d----c--- D:\WINDOWS\system32\DRVSTORE
2006-11-14 15:29 <DIR> d--h-c--- D:\WINDOWS\ie7
2006-11-14 15:29 <DIR> d-------- D:\WINDOWS\WBEM
2006-11-14 15:29 <DIR> d-------- D:\WINDOWS\system32\en-US


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-02 13:45 -------- d-------- D:\Program Files\Common Files
2006-12-02 13:42 -------- d-------- D:\Program Files\Mozilla Firefox
2006-12-02 13:14 -------- d-------- D:\Program Files\Java
2006-11-30 18:31 -------- d-------- D:\Program Files\Viewpoint
2006-11-30 17:40 -------- d-------- D:\Program Files\SpeedFan
2006-11-30 08:59 -------- d-------- D:\Program Files\Windows Media Player
2006-11-30 08:59 -------- d-------- D:\Program Files\Messenger
2006-11-26 19:20 -------- d-------- D:\Program Files\Internet Explorer
2006-11-26 11:19 -------- d-------- D:\Program Files\Outlook Express
2006-11-26 11:19 -------- d-------- D:\Program Files\Common Files\System
2006-11-23 11:13 -------- d-------- D:\Program Files\iTunes
2006-11-23 11:12 -------- d-------- D:\Program Files\QuickTime
2006-11-23 10:53 -------- d-------- D:\Program Files\Common Files\AOL
2006-11-23 03:32 -------- d-------- D:\Program Files\WinRAR
2006-11-23 03:17 -------- d-------- D:\Program Files\Common Files\Microsoft Shared
2006-11-23 03:16 -------- d-------- D:\Program Files\palmOne
2006-11-23 03:16 -------- d-------- D:\Program Files\Documents To Go
2006-11-23 03:16 -------- d-------- D:\Program Files\Common Files\DataViz
2006-11-23 03:06 -------- d-------- D:\Program Files\Ahead
2006-11-22 01:26 -------- d-------- D:\Program Files\Sony
2006-11-22 01:25 -------- d--h----- D:\Program Files\InstallShield Installation Information
2006-11-22 01:10 -------- d-------- D:\Program Files\World of Warcraft
2006-10-26 14:57 -------- d-------- D:\Program Files\WinEQ2
2006-10-22 12:22 888832 --a------ D:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ D:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ D:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ D:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ D:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ D:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ D:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ D:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ D:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ D:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ D:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ D:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ D:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ D:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ D:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 3994624 --a------ D:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-22 12:22 35840 --a------ D:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ D:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ D:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ D:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ D:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ D:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ D:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ D:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ D:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ D:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ D:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 188416 --a------ D:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ D:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ D:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ D:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ D:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ D:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ D:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ D:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ D:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ D:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ D:\WINDOWS\system32\nvcpluir.dll
2006-10-20 14:40 -------- d-------- D:\Program Files\Real
2006-10-20 14:40 -------- d-------- D:\Program Files\Common Files\xing shared
2006-10-20 14:40 -------- d-------- D:\Program Files\Common Files\Real
2006-10-13 06:35 65536 --a------ D:\WINDOWS\system32\nwwks.dll
2006-10-13 06:35 64000 --a------ D:\WINDOWS\system32\nwapi32.dll
2006-10-13 06:35 142336 --a------ D:\WINDOWS\system32\nwprovau.dll
2006-10-13 04:23 163584 --a------ D:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-03 19:55 -------- d-------- D:\Program Files\iPod
2006-09-24 07:28 5248 --a------ D:\WINDOWS\system32\speedfan.sys
2006-09-19 15:43 109360 --a------ D:\WINDOWS\system32\GEARAspi.dll
2006-09-12 23:01 1084416 --a------ D:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"="\"D:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"Pctr"="\"D:\\WINDOWS\\system32\\RACLE~1\\smss.exe\" -vt yazr"
"Fyj"="D:\\WINDOWS\\system32\\?ymantec\\??plorer.exe"
"iofr"="D:\\PROGRA~1\\COMMON~1\\iofr\\iofrm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"UltraMon"="\"D:\\Program Files\\UltraMon\\UltraMon.exe\" /auto"
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"buwiycm.dll"="D:\\WINDOWS\\system32\\rundll32.exe D:\\WINDOWS\\system32\\buwiycm.dll,yuuwps"
"CTDrive"="rundll32.exe D:\\WINDOWS\\system32\\drvvac.dll,startup"
"Zone Labs Client"="\"D:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HotSync Manager.lnk]
"path"="D:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\HotSync Manager.lnk"
"backup"="D:\\WINDOWS\\pss\\HotSync Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\PROGRA~1\\palmOne\\Hotsync.exe -logon"
"item"="HotSync Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SoundMAX Agent Service (default)"=dword:00000002

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeby
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwxxu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winemx32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-12-02 13:45:57.07
D:\ComboFix.txt ... 06-12-02 13:45



VirusTotal log:



STATUS: FINISHED
Complete scanning result of "smss.exe", received in VirusTotal at 12.02.2006, 20:18:35 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 12.02.2006 no virus found
Authentium 4.93.8 12.01.2006 no virus found
Avast 4.7.892.0 12.01.2006 Win32:Purityscan-Q
AVG 386 12.02.2006 no virus found
BitDefender 7.2 12.02.2006 no virus found
CAT-QuickHeal 8.00 12.02.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 12.01.2006 no virus found
DrWeb 4.33 12.02.2006 no virus found
eSafe 7.0.14.0 11.30.2006 Suspicious Trojan/Worm
eTrust-InoculateIT 23.73.74 12.02.2006 no virus found
eTrust-Vet 30.3.3225 12.01.2006 no virus found
Ewido 4.0 12.02.2006 no virus found
Fortinet 2.82.0.0 12.02.2006 no virus found
F-Prot 3.16f 12.01.2006 no virus found
F-Prot4 4.2.1.29 12.01.2006 no virus found
Ikarus 0.2.65.0 12.01.2006 no virus found
Kaspersky 4.0.2.24 12.02.2006 no virus found
McAfee 4909 12.01.2006 no virus found
Microsoft 1.1804 12.02.2006 no virus found
NOD32v2 1897 12.02.2006 a variant of Win32/TrojanDownloader.PurityScan
Norman 5.80.02 12.01.2006 no virus found
Panda 9.0.0.4 12.02.2006 Adware/PurityScan
Prevx1 V2 12.02.2006 Adware.Purityscan
Sophos 4.12.0 12.02.2006 ClickSpring
Sunbelt 2.2.907.0 11.30.2006 VIPRE.Suspicious
TheHacker 6.0.3.127 12.01.2006 no virus found
UNA 1.83 12.01.2006 no virus found
VBA32 3.11.1 12.01.2006 suspected of Backdoor.Rbot.2
VirusBuster 4.3.15:9 12.02.2006 no virus found


Additional Information
File size: 70144 bytes
MD5: 674451427eebc5c595f81aa4bda8dbb1
SHA1: 31ec244f183c3eb41b499b9f05301eef1defd1ee
packers: PECompact
packers: PECOMPACT
packers: PecBundle, PECompact
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=9fc758422003
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

#7 Wallskm (Topic Starter)

Posted 02 December 2006 - 02:58 PM

When I removed the older Java updates I also noticed several suspicious programs installed: IPWins, MediaTickets by OIN, and Windows Installer 3.1 (KB893803). I know I've tried to remove the first 2 before and they've returned. Waiting on your instructions before I do anything to them this time.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:50:50 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\UltraMon\UltraMon.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\AIM6\aim6.exe
D:\WINDOWS\system32\RACLE~1\smss.exe
D:\WINDOWS\system32\?ymantec\??plorer.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\AIM6\aolsoftware.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\WINDOWS\system32\drwtsn32.exe
D:\WINDOWS\system32\drwtsn32.exe
D:\WINDOWS\explorer.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
D:\Program Files\HijackThis\jamielaw.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R3 - URLSearchHook: (no name) - {8498BFE2-7302-5486-7636-5ED7390166B5} - D:\WINDOWS\system32\iceousrs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AD4EF1C-FDF4-BB6D-AB3F-02B77CCE714D} - D:\WINDOWS\system32\njiqmim.dll
O2 - BHO: (no name) - {1CFE217E-9698-4A26-8C20-9EE0DB7431C8} - D:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: (no name) - {32B9E480-B96C-A128-7D32-0BE9D81C8579} - D:\WINDOWS\system32\djmzarh.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\ephyptva.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - D:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8498BFE2-7302-5486-7636-5ED7390166B5} - D:\WINDOWS\system32\iceousrs.dll
O2 - BHO: (no name) - {8DB193AD-06F7-42CB-90CE-F4CC337E28A7} - D:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: (no name) - {C521EBB6-CC94-4688-B1E2-E19E00571CB3} - (no file)
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UltraMon] "D:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [buwiycm.dll] D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\buwiycm.dll,yuuwps
O4 - HKLM\..\Run: [CTDrive] rundll32.exe D:\WINDOWS\system32\drvvac.dll,startup
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Pctr] "D:\WINDOWS\system32\RACLE~1\smss.exe" -vt yazr
O4 - HKCU\..\Run: [Fyj] D:\WINDOWS\system32\?ymantec\??plorer.exe
O4 - HKCU\..\Run: [iofr] D:\PROGRA~1\COMMON~1\iofr\iofrm.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164275862453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164590493921
O20 - Winlogon Notify: geeby - D:\WINDOWS\
O20 - Winlogon Notify: tuvwxxu - D:\WINDOWS\
O20 - Winlogon Notify: winemx32 - D:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
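
The log above, like the ComboFix "Reg Loading Points" section in the earlier post, contains the two tricks that make it hard to read by eye: a second smss.exe launched from D:\WINDOWS\system32\RACLE~1\ rather than from system32 itself (the real session manager is the D:\WINDOWS\System32\smss.exe at the top of the process list), and directory and file names containing characters HijackThis cannot print, shown as ?ymantec\??plorer.exe. The Python script below is an added example, not part of this thread, of HijackThis or of ComboFix; it applies those checks mechanically to HijackThis-style lines. The Windows XP directory layout it assumes (a root-level D:\WINDOWS) and the Winlogon Notify allow-list are illustrative assumptions, and the sample log is a constructed excerpt of the post above plus one benign termsrv line for contrast.

```python
"""Mechanical triage of HijackThis-style log lines.

Added example: not part of the thread, of HijackThis or of ComboFix. It encodes
the checks a malware-removal helper applies by eye to the log above.
"""
import re
from typing import Dict, List, Set, Tuple

# Core Windows XP binaries and the path depth at which they legitimately live:
# drive\WINDIR\system32\<name> is depth 4, drive\WINDIR\<name> is depth 3.
# Assumption: a root-level Windows directory, as in the log (D:\WINDOWS).
CORE_BINARIES: Dict[str, int] = {
    "smss.exe": 4, "csrss.exe": 4, "winlogon.exe": 4, "services.exe": 4,
    "lsass.exe": 4, "svchost.exe": 4, "explorer.exe": 3,
}

# Winlogon Notify packages on a default Windows XP SP2 install. Assumption: an
# illustrative allow-list; OEM and driver packages add entries legitimately too.
KNOWN_WINLOGON_NOTIFY: Set[str] = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# A drive-letter path up to the first executable-style extension; quoted and
# unquoted paths with spaces both work because the match stops at the extension.
_PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx|cmd|bat)\b", re.IGNORECASE)
_NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - ")

CORE_OUTSIDE_HOME = "core system binary name outside its home directory"
NON_ANSI_NAME = "non-ANSI character in path (look-alike name)"
UNKNOWN_NOTIFY = "Winlogon Notify package not in the default XP set"
STALE_BHO = "BHO CLSID registered but its DLL is gone (stale entry)"


def check_path(path: str) -> List[str]:
    """Return the reasons (possibly none) one executable path looks wrong."""
    reasons: List[str] = []
    parts = path.split("\\")
    name = parts[-1].lower()
    # HijackThis prints '?' for characters outside the ANSI code page. '?' is
    # illegal in a real Windows path, so seeing it means a look-alike name such
    # as "?ymantec" standing in for "Symantec".
    if "?" in path:
        reasons.append(NON_ANSI_NAME)
    # A second smss.exe under system32\RACLE~1\ is not the session manager.
    if name in CORE_BINARIES and (
        len(parts) != CORE_BINARIES[name]
        or (CORE_BINARIES[name] == 4 and parts[2].lower() != "system32")
    ):
        reasons.append(CORE_OUTSIDE_HOME)
    return reasons


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Scan 'Running processes' lines and O-entries; return (line, reason) pairs."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        notify = _NOTIFY_RE.match(line)
        if notify:
            if notify.group(1).lower() not in KNOWN_WINLOGON_NOTIFY:
                findings.append((line, UNKNOWN_NOTIFY))
            continue
        if line.startswith("O2 - BHO") and ("(file missing)" in line or "(no file)" in line):
            findings.append((line, STALE_BHO))
        for path in _PATH_RE.findall(line):
            for reason in check_path(path):
                findings.append((line, reason))
    return findings


def reasons_for(log_text: str, needle: str) -> Set[str]:
    """Collect the reasons attached to every flagged line containing `needle`."""
    return {reason for line, reason in triage(log_text) if needle in line}


# Constructed sample: lines excerpted from the HijackThis log in the post above,
# plus one benign Winlogon Notify line (termsrv) for contrast.
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\RACLE~1\smss.exe
D:\WINDOWS\system32\?ymantec\??plorer.exe

O2 - BHO: (no name) - {1CFE217E-9698-4A26-8C20-9EE0DB7431C8} - D:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [UltraMon] "D:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKCU\..\Run: [Pctr] "D:\WINDOWS\system32\RACLE~1\smss.exe" -vt yazr
O4 - HKCU\..\Run: [Fyj] D:\WINDOWS\system32\?ymantec\??plorer.exe
O20 - Winlogon Notify: geeby - D:\WINDOWS\
O20 - Winlogon Notify: termsrv - D:\WINDOWS\
"""

if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG):
        print(f"{why:55} <- {flagged_line}")
```

Two caveats when using something like this on a real log. First, 8.3 aliases such as RACLE~1 hide the long name; the same ?ymantec directory reappears later in this thread under its alias YMANTE~1, so resolve aliases (dir /x on XP) before deciding what a directory really is. Second, the random-looking DLL names (njiqmim.dll, buwiycm.dll, iceousrs.dll) are not caught by any structural rule here; those still need a file hash lookup, as the VirusTotal result in the earlier post does for smss.exe, where only a minority of engines named the PurityScan family.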

#8 jamielaw (Malware Ass-Kicker!)

Posted 02 December 2006 - 05:42 PM

Hey Wallskm

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    D:\WINDOWS\system32\appmgmt
    D:\WINDOWS\system32\oulvofsw.exe
    D:\WINDOWS\V2FsbHM
    D:\Program Files\Common Files\iofr
    D:\WINDOWS\system32\njiqmim.dll
    D:\WINDOWS\system32\drvvac.dll
    D:\WINDOWS\system32\tuvwxxu.dll
    D:\WINDOWS\system32\priuqcds.exe
    D:\WINDOWS\system32\ephyptva.dll
    D:\WINDOWS\system32\dvgtnbm.dll
    D:\WINDOWS\system32\drvsad.dll
    D:\WINDOWS\system32\ddccbbc.dll
    D:\WINDOWS\system32\iceousrs.dll
    D:\WINDOWS\system32\wintcc.exe
    D:\WINDOWS\system\CP3240MT.DLL
    D:\WINDOWS\system32\RACLE~1\smss.exe
    D:\QooBox\Purity\Program Files\RACLE~1
    D:\QooBox\Purity\WINDOWS\system32\RACLE~1
    D:\QooBox\Purity\WINDOWS\system32\YMANTE~1
    D:\QooBox\Purity\WINDOWS\system32\RACLE~1\RACLE~1
    D:\QooBox\Purity\WINDOWS\system32\RACLE~1\smss.exe
    D:\QooBox\Purity\WINDOWS\system32\YMANTE~1\??plorer.exe
    D:\VundoFix Backups
    D:\Program Files\VSAdd-in
    D:\WINDOWS\system32\drvvac.dll
    D:\WINDOWS\system32\buwiycm.dll


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please could you locate this file using Windows Explorer, right-click it and select edit. Then post the contents in your next reply:

D:\WINDOWS\test.bat


Registry:

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.

Backup Registry:

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:

regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Registry Modification/s:

1. Open Notepad and copy/paste the following code (do not make any alterations to it) :

REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Pctr"=-
"Fyj"=-
"iofr"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"buwiycm.dll"=-
"CTDrive"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeby]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwxxu]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winemx32]

2. Save the file to your desktop as: "FixME.reg" (make sure you include the quotes)
3. The file should look like this: [image]
4. Double-click on FixME.reg. It will ask if you want to merge it with the registry - click Yes

Uninstall List:

1. Open Hijackthis and select: Open the Misc Tools section.
2. Then choose: Open Uninstall Manager and click Save List.
3. Save the list to your computer.
4. Then copy the contents of the list back to this thread in your next reply.

Please can you include the following logs in your next reply - they may need separate posts to stop them getting cut off:

Contents of this file: D:\WINDOWS\test.bat
Uninstall List
A new Hijackthis log

My Website!

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.


#9 Wallskm

Posted 02 December 2006 - 06:43 PM

test.bat:

:Repeat
del C:\29499714.exe
if exist C:\29499714.exe goto Repeat


uninstall_list:


3DMark06
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0
AIM 6.0
ASUS Probe V2.23.02
AVG Free Edition
Documents To Go
EphPod
HijackThis 1.99.1
IpWins
iTunes
J2SE Runtime Environment 5.0 Update 10
MediaTickets by OIN
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (2.0)
Nero Media Player
Nero OEM
NeroVision Express 2
NVIDIA Drivers
palmOne
PowerDVD
QuickTime
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB925486)
SoundMAX
SpeedFan (remove only)
Spybot - Search & Destroy 1.4
UltraMon
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
ZoneAlarm

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:39:33 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\UltraMon\UltraMon.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\AIM6\aim6.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
D:\Program Files\AIM6\aolsoftware.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
D:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
D:\Program Files\HijackThis\jamielaw.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R3 - URLSearchHook: (no name) - {8498BFE2-7302-5486-7636-5ED7390166B5} - D:\WINDOWS\system32\iceousrs.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AD4EF1C-FDF4-BB6D-AB3F-02B77CCE714D} - D:\WINDOWS\system32\njiqmim.dll (file missing)
O2 - BHO: (no name) - {1CFE217E-9698-4A26-8C20-9EE0DB7431C8} - D:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: (no name) - {32B9E480-B96C-A128-7D32-0BE9D81C8579} - D:\WINDOWS\system32\djmzarh.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\ephyptva.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - D:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8498BFE2-7302-5486-7636-5ED7390166B5} - D:\WINDOWS\system32\iceousrs.dll (file missing)
O2 - BHO: (no name) - {8DB193AD-06F7-42CB-90CE-F4CC337E28A7} - D:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: (no name) - {C521EBB6-CC94-4688-B1E2-E19E00571CB3} - (no file)
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UltraMon] "D:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164275862453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164590493921
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

#10 Wallskm

Posted 03 December 2006 - 12:10 AM

jamielaw,

I'll be working a 24-hour shift tomorrow and will follow your next steps when I return home Monday morning.

Wallskm

#11 jamielaw

Posted 03 December 2006 - 08:10 AM

A 24-hour shift! :thumbsup:

I'll wait, don't worry - take your time.

#12 Wallskm

Posted 04 December 2006 - 09:41 AM

Ok, I'm back home now. What should I do next?

#13 jamielaw

Posted 05 December 2006 - 02:21 PM

Hey Wallskm

Uninstall Bad Programs:

1. Click Start >> Control Panel >> Add/Remove Programs
2. Select each of these programs, click Remove and follow the prompts to uninstall them:

IpWins
MediaTickets by OIN


Fix the HJT entries:
  • Open hijackthis and select the DO A SYSTEM SCAN ONLY option.
  • Place a check next to the following items:

    R3 - URLSearchHook: (no name) - {8498BFE2-7302-5486-7636-5ED7390166B5} - D:\WINDOWS\system32\iceousrs.dll (file missing)
    O2 - BHO: (no name) - {1AD4EF1C-FDF4-BB6D-AB3F-02B77CCE714D} - D:\WINDOWS\system32\njiqmim.dll (file missing)
    O2 - BHO: (no name) - {1CFE217E-9698-4A26-8C20-9EE0DB7431C8} - D:\WINDOWS\system32\geeby.dll (file missing)
    O2 - BHO: (no name) - {32B9E480-B96C-A128-7D32-0BE9D81C8579} - D:\WINDOWS\system32\djmzarh.dll
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\ephyptva.dll (file missing)
    O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - D:\WINDOWS\system32\ixt0.dll (file missing)
    O2 - BHO: (no name) - {8498BFE2-7302-5486-7636-5ED7390166B5} - D:\WINDOWS\system32\iceousrs.dll (file missing)
    O2 - BHO: (no name) - {8DB193AD-06F7-42CB-90CE-F4CC337E28A7} - D:\WINDOWS\system32\mljji.dll (file missing)
    O2 - BHO: (no name) - {C521EBB6-CC94-4688-B1E2-E19E00571CB3} - (no file)
    O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - (no file)
  • Close all open browsers and windows, except HijackThis. Then select Fix checked. Now close HJT.
Using the instructions for KillBox from earlier, please delete this file:

D:\WINDOWS\system32\djmzarh.dll

How is your computer running - any problems? Please post a fresh HijackThis log.

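A small triage helper, added here as an example and not code from the thread or from HijackThis itself: it parses the R3/O2/O20 entry format seen in the logs above and sorts each hook into "orphaned" (the "(file missing)" / "(no file)" entries jamielaw ticked for Fix checked), "review" or "ok". The sample lines are copied from the thread's logs; the "review" heuristics are my own assumptions, not HJT's rules.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Entry layout used by HijackThis 1.99.1 for the sections handled here:
#   R3  - URLSearchHook: <name> - {CLSID} - <path> [(file missing)]
#   O2  - BHO: <name> - {CLSID} - <path> [(file missing)]  |  (no file)
#   O20 - Winlogon Notify: <name> - <path>
ENTRY_RE = re.compile(
    r"^(?P<code>R3|O2|O20) - (?P<kind>[^:]+): (?P<name>.+?) - "
    r"(?:\{(?P<clsid>[0-9A-Fa-f-]{36})\} - )?(?P<rest>.+)$"
)


@dataclass
class Entry:
    code: str
    kind: str
    name: str
    clsid: Optional[str]
    path: str
    verdict: str  # "orphaned", "review" or "ok"


def classify_present(code: str, name: str, path: str) -> str:
    """Heuristic (assumption, not an HJT rule) for hooks whose file exists."""
    # Winlogon Notify handler that resolves to a bare directory, not a DLL
    if code == "O20" and not path.lower().endswith(".dll"):
        return "review"
    # Unnamed BHO / search hook living directly in system32: worth a look
    if name == "(no name)" and re.search(r"\\system32\\[^\\]+\.dll$", path, re.I):
        return "review"
    return "ok"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines of other sections."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest == "(no file)":
        path, verdict = "", "orphaned"
    elif rest.endswith("(file missing)"):
        path, verdict = rest[: -len("(file missing)")].strip(), "orphaned"
    else:
        path = rest
        verdict = classify_present(m.group("code"), m.group("name"), path)
    return Entry(m.group("code"), m.group("kind"), m.group("name"),
                 m.group("clsid"), path, verdict)


def triage(lines: List[str]) -> List[Entry]:
    """All R3/O2/O20 entries found in the log, in log order."""
    return [e for e in map(parse_entry, lines) if e is not None]


def fix_candidates(lines: List[str]) -> List[str]:
    """The log lines a helper would tick for 'Fix checked': orphaned hooks."""
    return [ln.strip() for ln in lines
            if (e := parse_entry(ln)) is not None and e.verdict == "orphaned"]


# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {8498BFE2-7302-5486-7636-5ED7390166B5} - D:\WINDOWS\system32\iceousrs.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {32B9E480-B96C-A128-7D32-0BE9D81C8579} - D:\WINDOWS\system32\djmzarh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C521EBB6-CC94-4688-B1E2-E19E00571CB3} - (no file)
O20 - Winlogon Notify: geeby - D:\WINDOWS\
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG.splitlines()):
        print(f"{e.verdict:8} {e.code:3} {e.name} -> {e.path or '(no file)'}")
```

Spybot's SDHelper.dll also shows as "(no name)" but sits outside system32, so the heuristic leaves it at "ok"; a verdict of "review" is a prompt to look up the file, not a reason to delete it.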

#14 Wallskm

Posted 05 December 2006 - 05:51 PM

Computer seems to be working just fine!

Logfile of HijackThis v1.99.1
Scan saved at 4:46:58 PM, on 12/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\UltraMon\UltraMon.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\AIM6\aim6.exe
D:\Program Files\AIM6\aolsoftware.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\HijackThis\jamielaw.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UltraMon] "D:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164275862453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164590493921
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

#15 jamielaw

Posted 06 December 2006 - 02:50 PM

Hey Wallskm

Good! :thumbsup:

This is my normal post for when you are clear - which you now are, or seem to be. Please advise of any problems you still have:

Please pay particular attention to Step A & G!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore - You should disable and re-enable System Restore to make sure there are no infected files kept in a restore point. Sometimes viruses can hide in there, and if you ever needed to restore your system you would then re-infect yourself.
    You can find instructions on how to enable and re-enable System Restore here: Windows XP System Restore Guide

    Or simply follow these instructions:
    • Click Start, Run and type SYSDM.CPL
    • Select the System Restore Tab
    • Check the box to Turn off System Restore on all drives
    • Click Apply and then OK to the confirmation window
    • Then uncheck the box, click apply and then OK.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
  • Update your Anti Virus Software - It is imperative that you update your anti-virus software at least once a week (even more often if you wish). If you do not update your anti-virus software, it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with anti-virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  • Install HostsMan - HostsMan will add a large list of restricted websites to your hosts file. This will prevent you from visiting some bad websites.
    Download Hostsman here!
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Stand up and be Counted.

NOW is the time you can start to hit back at the people who infected you.
Please take the time to go and complain - that forum has a topic for your infection which is ................ please post as a reply; you do not need to register to do so (but you can if you wish). It will also have a list of other places you can go to register your complaint, depending on the country you are resident in. Please read the topics and complain; it is only with such complaints to government or government agencies that something will get done.


Happy Surfing!

Jamie