Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Reload this Page

iexplore.exe

Register Members New Posts Donate Unanswered Posts Site Spy Search


Reply
1 2 >
 
Thread Tools
  #1  
Old 15-01-2008, 05:50 PM
rsteenoven's Avatar
CJ Member
 
rsteenoven is offline
 
Join Date: Sep 2007
Last Online: 09-07-2008 08:14 PM
Posts: 49
iTrader: (0)
rsteenoven is on a distinguished road
Default iexplore.exe
I have read that this is bad, I do not have internet explorer open, but it is still running in my task manager (I dont think it is supposed to be in capitals), It is slowing down my computer. Is it a virus? spyware etc?

How do I remove it?
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #2  
Old 15-01-2008, 05:59 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 02:37 AM
Posts: 4,601
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default iexplore.exe
Lets take a quick look.
Download and rename HijackThis (HJT)
  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • Upon install, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to C:\Program Files\Trend Micro\HijackThis.exe
    • Right click on HijackThis.exe and select Rename.
    • Type in sniper.exe and press Enter.
    • Right-click on sniper.exe and select Send To > Desktop (create shortcut)
  • From the desktop open HiackThis.
  • If using Windows Vista, be sure to Run As Administrator
  • Click on the Do a system scan and save a log file button
  • HijackThis will scan and then a log will open in notepad.
  • Copy and then paste the log in your post.
    • Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Even though we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.
__________________
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #3  
Old 15-01-2008, 06:08 PM
rsteenoven's Avatar
CJ Member
 
rsteenoven is offline
 
Join Date: Sep 2007
Last Online: 09-07-2008 08:14 PM
Posts: 49
iTrader: (0)
rsteenoven is on a distinguished road
Default iexplore.exe
For some reason I cant see IEXPLORE.exe here, but it is definately in the tm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:55 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.d ll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Second bat creative peak] C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\dead lite.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Richard\APPLIC~1\WAYBOW~1\Nurb more noun.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7104 bytes
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #4  
Old 15-01-2008, 06:29 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 02:37 AM
Posts: 4,601
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default iexplore.exe
Yes you have some bad infections.

Step 1

Please download NoLop.exe to the Desktop:
  • Close any programs you have running since a reboot is required
  • Double click NoLop.exe to run it
  • Next, click the button labeled: Search and Destroy
    <<your computer will now be scanned for infected files>>
  • When the scan finishes, if infected, you are prompted to reboot
  • Click OK
  • Now click: REBOOT
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
  • Post the contents of C:\NoLop.log in the next reply.
Note: If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

---------------

Step 2
Download SUPERAntispyware Free Edition (SAS)
  • Double-click the icon on your desktop to run the installer.
  • When asked to Update the program definitions, click Yes
  • Next click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • Click the Close button to leave the control center screen.
  • On the main screen click Scan your computer
  • On the left check C:\Fixed Drive
  • On the right choose Perform Complete Scan
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK
  • Make sure everything in the white box has a check next to it, then click Next
  • It will quarantine what it found and if it asks if you want to reboot, click Yes
  • To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
  • Save the log somewhere you can easily find it. (normally the desktop)
  • Click close and close again to exit the program.
  • Please copy and then paste the log in your post.
----------

Step 3

Run a new Hijackthis scan and post the log

----------

Next post please add.
The contents of C:\NoLop.log
SuperAntispyware log
New Hijackthis log

It may take more than one post to get all of the logs posted. This is fine if needed.
__________________
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #5  
Old 15-01-2008, 07:41 PM
rsteenoven's Avatar
CJ Member
 
rsteenoven is offline
 
Join Date: Sep 2007
Last Online: 09-07-2008 08:14 PM
Posts: 49
iTrader: (0)
rsteenoven is on a distinguished road
Default iexplore.exe
Nolop log:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Program Files\Mozilla Firefox
[1/15/2008]
[7:34:10 PM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\ADB7C425918477B9.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Messenger Plus! -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Nvidia -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Sony
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Wlinstaller
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Xfire -- EMPTY Directory
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Xfire -- EMPTY Directory
C:\Documents and Settings\Richard\Application Data\Adobe
C:\Documents and Settings\Richard\Application Data\Apple Computer
C:\Documents and Settings\Richard\Application Data\Avg7
C:\Documents and Settings\Richard\Application Data\Bittorrent
C:\Documents and Settings\Richard\Application Data\Divx
C:\Documents and Settings\Richard\Application Data\Dna
C:\Documents and Settings\Richard\Application Data\Dvdcss
C:\Documents and Settings\Richard\Application Data\Fotowire
C:\Documents and Settings\Richard\Application Data\Gtk-2.0
C:\Documents and Settings\Richard\Application Data\Identities
C:\Documents and Settings\Richard\Application Data\Installshield
C:\Documents and Settings\Richard\Application Data\Macromedia
C:\Documents and Settings\Richard\Application Data\Microsoft
C:\Documents and Settings\Richard\Application Data\Monkeyjam
C:\Documents and Settings\Richard\Application Data\Mozilla
C:\Documents and Settings\Richard\Application Data\Publish Providers -- EMPTY Directory
C:\Documents and Settings\Richard\Application Data\Real
C:\Documents and Settings\Richard\Application Data\Smartftp
C:\Documents and Settings\Richard\Application Data\Sony
C:\Documents and Settings\Richard\Application Data\Sony Setup
C:\Documents and Settings\Richard\Application Data\Sun
C:\Documents and Settings\Richard\Application Data\Systemrequirementslab
C:\Documents and Settings\Richard\Application Data\Vlc
C:\Documents and Settings\Richard\Application Data\Waybowsreal
C:\Documents and Settings\Richard\Application Data\Xfire


Super anti spyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/15/2008 at 08:32 PM

Application Version : 3.9.1008

Core Rules Database Version : 3380
Trace Rules Database Version: 1374

Scan type : Complete Scan
Total Scan Time : 00:46:41

Memory items scanned : 385
Memory threats detected : 0
Registry items scanned : 5574
Registry threats detected : 0
File items scanned : 40825
File threats detected : 66

Adware.Tracking Cookie
C:\Documents and Settings\Richard\Cookies\richard@cassava[1].txt
C:\Documents and Settings\Richard\Cookies\richard@fastclick[1].txt
C:\Documents and Settings\Richard\Cookies\richard@server.lon.livepe rson[1].txt
C:\Documents and Settings\Richard\Cookies\richard@casalemedia[2].txt
C:\Documents and Settings\Richard\Cookies\richard@www.ppctracking[1].txt
C:\Documents and Settings\Richard\Cookies\richard@adopt.euroclick[2].txt
C:\Documents and Settings\Richard\Cookies\richard@serving-sys[1].txt
C:\Documents and Settings\Richard\Cookies\richard@www.adserver5[2].txt
C:\Documents and Settings\Richard\Cookies\richard@carphonewarehouse .112.2o7[1].txt
C:\Documents and Settings\Richard\Cookies\richard@m1.webstats.motig o[1].txt
C:\Documents and Settings\Richard\Cookies\richard@msnportal.112.2o7[1].txt
C:\Documents and Settings\Richard\Cookies\richard@ads.vlaze[2].txt
C:\Documents and Settings\Richard\Cookies\richard@reduxads.valuead[2].txt
C:\Documents and Settings\Richard\Cookies\richard@rotator.adjuggler[1].txt
C:\Documents and Settings\Richard\Cookies\richard@888[2].txt
C:\Documents and Settings\Richard\Cookies\richard@uk[1].txt
C:\Documents and Settings\Richard\Cookies\richard@247realmedia[1].txt
C:\Documents and Settings\Richard\Cookies\richard@adfarm1.adition[1].txt
C:\Documents and Settings\Richard\Cookies\richard@login.tracking101[2].txt
C:\Documents and Settings\Richard\Cookies\richard@stats.channel4[1].txt
C:\Documents and Settings\Richard\Cookies\richard@azjmp[1].txt
C:\Documents and Settings\Richard\Cookies\richard@partygaming.122.2 o7[1].txt
C:\Documents and Settings\Richard\Cookies\richard@doubleclick[2].txt
C:\Documents and Settings\Richard\Cookies\richard@advertising[1].txt
C:\Documents and Settings\Richard\Cookies\richard@bs.serving-sys[2].txt
C:\Documents and Settings\Richard\Cookies\richard@bluestreak[1].txt
C:\Documents and Settings\Richard\Cookies\richard@anad.tacoda[2].txt
C:\Documents and Settings\Richard\Cookies\richard@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\Richard\Cookies\richard@banner.carnavalca sino[2].txt
C:\Documents and Settings\Richard\Cookies\richard@60915153[1].txt
C:\Documents and Settings\Richard\Cookies\richard@tracking.foxnews[2].txt
C:\Documents and Settings\Richard\Cookies\richard@ad.yieldmanager[2].txt
C:\Documents and Settings\Richard\Cookies\richard@ads.veoh[1].txt
C:\Documents and Settings\Richard\Cookies\richard@www.clash-media[2].txt
C:\Documents and Settings\Richard\Cookies\richard@a.websponsors[1].txt
C:\Documents and Settings\Richard\Cookies\richard@banner.casino.bla ckpoolclub.co[2].txt
C:\Documents and Settings\Richard\Cookies\richard@prospect.adbureau[1].txt
C:\Documents and Settings\Richard\Cookies\richard@adrevolver[3].txt
C:\Documents and Settings\Richard\Cookies\richard@banner.bingo.blac kpoolclub.co[2].txt
C:\Documents and Settings\Richard\Cookies\richard@media.adrevolver[1].txt
C:\Documents and Settings\Richard\Cookies\richard@cgi-bin[2].txt
C:\Documents and Settings\Richard\Cookies\richard@p[1].txt
C:\Documents and Settings\Richard\Cookies\richard@lycos-de[1].txt
C:\Documents and Settings\Richard\Cookies\richard@tribalfusion[1].txt
C:\Documents and Settings\Richard\Cookies\richard@eas.apm.emediate[2].txt
C:\Documents and Settings\Richard\Cookies\richard@anat.tacoda[1].txt
C:\Documents and Settings\Richard\Cookies\richard@ad.zanox[1].txt
C:\Documents and Settings\Richard\Cookies\richard@net-revenue[2].txt
C:\Documents and Settings\Richard\Cookies\richard@hitbox[2].txt
C:\Documents and Settings\Richard\Cookies\richard@revsci[2].txt
C:\Documents and Settings\Richard\Cookies\richard@statse.webtrendsl ive[2].txt
C:\Documents and Settings\Richard\Cookies\richard@questionmarket[1].txt
C:\Documents and Settings\Richard\Cookies\richard@ads.addynamix[2].txt
C:\Documents and Settings\Richard\Cookies\richard@2o7[2].txt
C:\Documents and Settings\Richard\Cookies\richard@pacificpoker[2].txt
C:\Documents and Settings\Richard\Cookies\richard@mediaplex[2].txt
C:\Documents and Settings\Richard\Cookies\richard@media.xfire[2].txt
C:\Documents and Settings\Richard\Cookies\richard@atdmt[2].txt
C:\Documents and Settings\Richard\Cookies\richard@apmebf[2].txt
C:\Documents and Settings\Richard\Cookies\richard@partypoker[1].txt
C:\Documents and Settings\Richard\Cookies\richard@zedo[1].txt
C:\Documents and Settings\Richard\Cookies\richard@adrevolver[1].txt
C:\Documents and Settings\Richard\Cookies\richard@tradedoubler[2].txt
C:\Documents and Settings\Richard\Cookies\richard@adserver.filefron t[1].txt
C:\Documents and Settings\Richard\Cookies\richard@a[1].txt

Adware.180solutions/ZangoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{39B7D61A-C471-441E-B6D4-5930E1D582CD}\RP37\A0003673.EXE

Hi jack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:58 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.d ll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Second bat creative peak] C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\dead lite.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Richard\APPLIC~1\WAYBOW~1\Nurb more noun.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7041 bytes


I hope this is sufficient
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #6  
Old 15-01-2008, 07:57 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 02:37 AM
Posts: 4,601
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default iexplore.exe
Open HijackThis and select Do a system scan only then place a check mark next to:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Close all windows except for HijackThis and click Fix checked

Exit Hijackthis.

----------

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)IMPORTANT - Combofix.exe MUST be saved to your your Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc)
  • Close/disable all anti virus and anti malware programs so they do not interfere with Combofix. <-- IMPORTANT
    • Click on this link to see a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe & follow the prompts.
    • From the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Do not mouseclick combofix's window while it's running.
The scan will temporarily disable your desktop.
If interrupted it may leave your computer frozen.
If this occurs, please reboot to restore the desktop.


----------

Next post
Combofix log
__________________
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #7  
Old 15-01-2008, 08:06 PM
rsteenoven's Avatar
CJ Member
 
rsteenoven is offline
 
Join Date: Sep 2007
Last Online: 09-07-2008 08:14 PM
Posts: 49
iTrader: (0)
rsteenoven is on a distinguished road
Default iexplore.exe
ComboFix 08-01-15.4 - Richard 2008-01-15 21:03:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.587 [GMT 0:00]
Running from: C:\Documents and Settings\Richard\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-15 21:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 19:41 . 2008-01-15 20:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-15 19:41 . 2008-01-15 19:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-15 19:41 . 2008-01-15 19:41 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\SUPERAntiSpyware.com
2008-01-15 19:41 . 2008-01-15 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-15 19:34 . 2008-01-15 19:36 <DIR> d-------- C:\NoLopBackups
2008-01-15 19:01 . 2008-01-15 19:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-15 16:32 . 2008-01-15 16:32 <DIR> d-------- C:\Program Files\WayBowsReal
2008-01-11 10:27 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-11 10:26 . 2008-01-11 10:26 22,328 --a------ C:\Documents and Settings\Richard\Application Data\PnkBstrK.sys
2008-01-11 10:25 . 2008-01-11 10:25 319 --a------ C:\WINDOWS\game.ini
2008-01-11 10:15 . 2008-01-11 10:15 <DIR> d-------- C:\Program Files\Activision
2008-01-11 10:14 . 2008-01-11 10:14 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-11 00:29 . 2008-01-11 00:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-05 21:00 . 2008-01-05 21:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-03 18:41 . 2008-01-03 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-03 18:00 . 2008-01-03 18:00 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-01-03 18:00 . 2008-01-15 19:36 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\WayBowsReal
2008-01-03 18:00 . 2008-01-15 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat
2007-12-30 16:54 . 2007-12-30 16:54 <DIR> d-------- C:\Program Files\Whisper Technology
2007-12-30 16:36 . 2007-12-30 16:36 <DIR> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2007-12-30 16:36 . 2007-12-30 16:36 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-12-30 16:36 . 2007-12-30 16:36 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\SmartFTP
2007-12-30 07:48 . 2007-12-30 07:48 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Sony
2007-12-30 07:48 . 2007-12-30 07:48 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Publish Providers
2007-12-30 07:45 . 2007-12-30 07:45 <DIR> d-------- C:\Program Files\Vstplugins
2007-12-30 07:45 . 2007-12-30 07:45 <DIR> d-------- C:\Program Files\Sony
2007-12-30 07:45 . 2007-12-30 07:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2007-12-30 07:39 . 2007-12-30 07:39 <DIR> d-------- C:\Program Files\Sony Setup
2007-12-30 07:39 . 2007-12-30 07:39 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Sony Setup
2007-12-29 23:30 . 2008-01-15 17:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-29 23:30 . 2007-12-29 23:30 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-29 15:45 . 2007-12-29 15:45 <DIR> d-------- C:\Program Files\FPS
2007-12-29 15:45 . 2007-12-29 15:45 286,720 --------- C:\WINDOWS\Setup1.exe
2007-12-29 15:45 . 2007-12-29 15:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-12-29 12:08 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-12-29 12:08 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2007-12-29 12:08 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-12-29 12:08 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2007-12-29 12:04 . 2007-12-29 12:04 <DIR> d-------- C:\SXS
2007-12-29 12:04 . 2007-12-29 12:04 <DIR> d-------- C:\Program Files\Logitech
2007-12-29 12:04 . 2007-12-29 12:04 <DIR> d-------- C:\Program Files\Common Files\FotoWire
2007-12-29 12:04 . 2007-12-29 12:04 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\FotoWire
2007-12-29 12:03 . 2007-12-29 12:03 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-12-28 19:09 . 2007-12-28 19:46 <DIR> d-------- C:\Program Files\eMule
2007-12-28 17:29 . 2007-12-28 17:29 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\DivX
2007-12-27 00:05 . 2007-12-27 00:05 <DIR> d-------- C:\Fraps
2007-12-27 00:05 . 2007-12-27 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-24 17:11 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-24 17:11 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-24 17:11 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-23 21:01 . 2008-01-03 20:48 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\gtk-2.0
2007-12-23 21:01 . 2007-12-23 21:01 <DIR> d-------- C:\Documents and Settings\Richard\.thumbnails
2007-12-23 21:00 . 2007-12-23 21:00 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-12-23 21:00 . 2008-01-03 20:54 <DIR> d-------- C:\Documents and Settings\Richard\.gimp-2.4
2007-12-22 15:39 . 2007-12-22 15:39 <DIR> d-------- C:\Program Files\DNA
2007-12-22 15:39 . 2008-01-15 20:56 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\DNA
2007-12-22 15:39 . 2007-12-28 19:40 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\BitTorrent
2007-12-22 15:22 . 2007-12-22 15:22 <DIR> d-------- C:\Program Files\Audacity
2007-12-22 15:21 . 2007-12-22 15:21 <DIR> d-------- C:\Program Files\MonkeyJam
2007-12-22 15:21 . 2007-12-22 15:21 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\MonkeyJam
2007-12-22 15:21 . 2005-02-27 17:11 424,960 --a------ C:\WINDOWS\system32\wavdest.ax
2007-12-21 15:27 . 2007-12-21 15:27 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-21 15:27 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-12-21 15:26 . 2007-12-21 15:26 <DIR> d-------- C:\Program Files\MSBuild
2007-12-21 15:23 . 2007-12-21 15:26 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-21 15:22 . 2007-12-21 15:22 <DIR> dr-h----- C:\MSOCache
2007-12-21 15:22 . 2007-12-21 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-19 19:56 . 2007-12-28 13:01 <DIR> d-------- C:\Program Files\DivX
2007-12-15 23:51 . 2007-12-15 23:51 <DIR> d-------- C:\Program Files\VideoLAN
2007-12-15 23:51 . 2007-12-15 23:51 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\vlc
2007-12-15 23:51 . 2007-12-15 23:51 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\dvdcss
2007-12-15 23:36 . 2007-12-22 15:29 <DIR> d-------- C:\Program Files\Real
2007-12-15 23:36 . 2007-12-15 23:36 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-15 23:36 . 2007-12-15 23:36 <DIR> d-------- C:\Program Files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-01-15 19:36 --------- d-----w C:\Program Files\Xfire
2008-01-15 17:54 --------- d-----w C:\Documents and Settings\Richard\Application Data\AVG7
2008-01-15 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-15 17:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-15 17:46 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-15 17:45 --------- d-----w C:\Documents and Settings\Richard\Application Data\Xfire
2008-01-11 23:18 --------- d-----w C:\Program Files\SpeedFan
2008-01-11 22:26 5,615 ----a-w C:\Program Files\install.log
2008-01-11 19:06 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-11 10:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 15:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-21 18:56 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-12-12 21:45 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-12 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-12-12 21:31 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-12 20:38 --------- d-----w C:\Documents and Settings\Richard\Application Data\Apple Computer
2007-12-12 20:32 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-12 20:04 --------- d-----w C:\Program Files\QuickTime
2007-12-12 20:03 --------- d-----w C:\Program Files\Apple Software Update
2007-12-12 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-12 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-10 22:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2007-12-10 22:01 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-12-10 18:58 --------- d-----w C:\Program Files\CCleaner
2007-12-10 18:02 --------- d-----w C:\Program Files\Java
2007-12-10 18:02 --------- d-----w C:\Documents and Settings\Richard\Application Data\SystemRequirementsLab
2007-12-10 18:00 --------- d-----w C:\Program Files\Common Files\Java
2007-12-10 17:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-10 17:54 --------- d-----w C:\Program Files\Windows Live
2007-12-10 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-10 17:39 --------- d-----w C:\Program Files\RivaTuner v2.06
2007-12-08 22:50 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-07 18:43 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-07 18:43 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-12-07 18:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-07 18:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-07 18:24 --------- d-----w C:\Program Files\AquaMark3
2007-12-07 17:45 --------- d-----w C:\Program Files\Realtek
2007-12-07 17:45 --------- d-----w C:\Documents and Settings\Richard\Application Data\InstallShield
2007-12-07 17:44 4,716 ----a-w C:\WINDOWS\gdrv.sys
2007-12-07 17:43 --------- d-----w C:\Program Files\Intel
2007-12-07 17:42 --------- d-----w C:\Program Files\Yahoo!
2007-12-07 17:37 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-10-18 11:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2007-12-22 15:39 290112]
"curblicense"="C:\DOCUME~1\Richard\APPLIC~1\WAYBOW ~1\Nurb more noun.exe" [2008-01-15 16:32 443904]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 09:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04 2879488 C:\WINDOWS\SkyTel.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. dll" [2007-09-17 01:07 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-25 17:06 212992]
"Second bat creative peak"="C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\dead lite.exe" [2008-01-15 20:37 1348608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-07 18:42 219136]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL2 1.sys [2004-02-14 04:09]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-12 20:03:45 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 21:04:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-01-15 21:05:11
.
2008-01-05 21:00:15 --- E O F ---
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #8  
Old 15-01-2008, 08:58 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 02:37 AM
Posts: 4,601
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default iexplore.exe
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Copy the bold text below by highlighting all the text and pressing Ctrl+C


File::
C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\dead lite.exe
C:\DOCUME~1\Richard\APPLIC~1\WAYBOW~1\Nurb more noun.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"curblicense"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Second bat creative peak"=-


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

----------

Run a new Hijackthis scan and post the log.

----------

Next post
Combofix log
New Hijackthis log
__________________
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #9  
Old 15-01-2008, 09:07 PM
rsteenoven's Avatar
CJ Member
 
rsteenoven is offline
 
Join Date: Sep 2007
Last Online: 09-07-2008 08:14 PM
Posts: 49
iTrader: (0)
rsteenoven is on a distinguished road
Default iexplore.exe
ComboFix 08-01-15.4 - Richard 2008-01-15 22:03:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.560 [GMT 0:00]
Running from: C:\Documents and Settings\Richard\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Richard\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\DOCUME~1\Richard\APPLIC~1\WAYBOW~1\Nurb more noun.exe
C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\dead lite.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Richard\APPLIC~1\WAYBOW~1\Nurb more noun.exe
C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\dead lite.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-15 21:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 19:41 . 2008-01-15 20:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-15 19:41 . 2008-01-15 19:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-15 19:41 . 2008-01-15 19:41 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\SUPERAntiSpyware.com
2008-01-15 19:41 . 2008-01-15 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-15 19:34 . 2008-01-15 19:36 <DIR> d-------- C:\NoLopBackups
2008-01-15 19:01 . 2008-01-15 19:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-15 16:32 . 2008-01-15 16:32 <DIR> d-------- C:\Program Files\WayBowsReal
2008-01-11 10:27 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-11 10:26 . 2008-01-11 10:26 22,328 --a------ C:\Documents and Settings\Richard\Application Data\PnkBstrK.sys
2008-01-11 10:25 . 2008-01-11 10:25 319 --a------ C:\WINDOWS\game.ini
2008-01-11 10:15 . 2008-01-11 10:15 <DIR> d-------- C:\Program Files\Activision
2008-01-11 10:14 . 2008-01-11 10:14 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-11 00:29 . 2008-01-11 00:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-05 21:00 . 2008-01-05 21:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-03 18:41 . 2008-01-03 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-03 18:00 . 2008-01-03 18:00 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-01-03 18:00 . 2008-01-15 22:03 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\WayBowsReal
2008-01-03 18:00 . 2008-01-15 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat
2007-12-30 16:54 . 2007-12-30 16:54 <DIR> d-------- C:\Program Files\Whisper Technology
2007-12-30 16:36 . 2007-12-30 16:36 <DIR> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2007-12-30 16:36 . 2007-12-30 16:36 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-12-30 16:36 . 2007-12-30 16:36 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\SmartFTP
2007-12-30 07:48 . 2007-12-30 07:48 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Sony
2007-12-30 07:48 . 2007-12-30 07:48 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Publish Providers
2007-12-30 07:45 . 2007-12-30 07:45 <DIR> d-------- C:\Program Files\Vstplugins
2007-12-30 07:45 . 2007-12-30 07:45 <DIR> d-------- C:\Program Files\Sony
2007-12-30 07:45 . 2007-12-30 07:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2007-12-30 07:39 . 2007-12-30 07:39 <DIR> d-------- C:\Program Files\Sony Setup
2007-12-30 07:39 . 2007-12-30 07:39 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Sony Setup
2007-12-29 23:30 . 2008-01-15 17:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-29 23:30 . 2007-12-29 23:30 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-29 15:45 . 2007-12-29 15:45 <DIR> d-------- C:\Program Files\FPS
2007-12-29 15:45 . 2007-12-29 15:45 286,720 --------- C:\WINDOWS\Setup1.exe
2007-12-29 15:45 . 2007-12-29 15:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-12-29 12:08 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-12-29 12:08 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2007-12-29 12:08 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-12-29 12:08 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2007-12-29 12:04 . 2007-12-29 12:04 <DIR> d-------- C:\SXS
2007-12-29 12:04 . 2007-12-29 12:04 <DIR> d-------- C:\Program Files\Logitech
2007-12-29 12:04 . 2007-12-29 12:04 <DIR> d-------- C:\Program Files\Common Files\FotoWire
2007-12-29 12:04 . 2007-12-29 12:04 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\FotoWire
2007-12-29 12:03 . 2007-12-29 12:03 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-12-28 19:09 . 2007-12-28 19:46 <DIR> d-------- C:\Program Files\eMule
2007-12-28 17:29 . 2007-12-28 17:29 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\DivX
2007-12-27 00:05 . 2007-12-27 00:05 <DIR> d-------- C:\Fraps
2007-12-27 00:05 . 2007-12-27 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-24 17:11 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-24 17:11 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-24 17:11 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-23 21:01 . 2008-01-03 20:48 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\gtk-2.0
2007-12-23 21:01 . 2007-12-23 21:01 <DIR> d-------- C:\Documents and Settings\Richard\.thumbnails
2007-12-23 21:00 . 2007-12-23 21:00 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-12-23 21:00 . 2008-01-03 20:54 <DIR> d-------- C:\Documents and Settings\Richard\.gimp-2.4
2007-12-22 15:39 . 2007-12-22 15:39 <DIR> d-------- C:\Program Files\DNA
2007-12-22 15:39 . 2008-01-15 22:03 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\DNA
2007-12-22 15:39 . 2007-12-28 19:40 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\BitTorrent
2007-12-22 15:22 . 2007-12-22 15:22 <DIR> d-------- C:\Program Files\Audacity
2007-12-22 15:21 . 2007-12-22 15:21 <DIR> d-------- C:\Program Files\MonkeyJam
2007-12-22 15:21 . 2007-12-22 15:21 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\MonkeyJam
2007-12-22 15:21 . 2005-02-27 17:11 424,960 --a------ C:\WINDOWS\system32\wavdest.ax
2007-12-21 15:27 . 2007-12-21 15:27 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-21 15:27 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-12-21 15:26 . 2007-12-21 15:26 <DIR> d-------- C:\Program Files\MSBuild
2007-12-21 15:23 . 2007-12-21 15:26 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-21 15:22 . 2007-12-21 15:22 <DIR> dr-h----- C:\MSOCache
2007-12-21 15:22 . 2007-12-21 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-19 19:56 . 2007-12-28 13:01 <DIR> d-------- C:\Program Files\DivX
2007-12-15 23:51 . 2007-12-15 23:51 <DIR> d-------- C:\Program Files\VideoLAN
2007-12-15 23:51 . 2007-12-15 23:51 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\vlc
2007-12-15 23:51 . 2007-12-15 23:51 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\dvdcss
2007-12-15 23:36 . 2007-12-22 15:29 <DIR> d-------- C:\Program Files\Real
2007-12-15 23:36 . 2007-12-15 23:36 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-15 23:36 . 2007-12-15 23:36 <DIR> d-------- C:\Program Files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-01-15 19:36 --------- d-----w C:\Program Files\Xfire
2008-01-15 17:54 --------- d-----w C:\Documents and Settings\Richard\Application Data\AVG7
2008-01-15 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-15 17:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-15 17:45 --------- d-----w C:\Documents and Settings\Richard\Application Data\Xfire
2008-01-11 23:18 --------- d-----w C:\Program Files\SpeedFan
2008-01-11 22:26 5,615 ----a-w C:\Program Files\install.log
2008-01-11 10:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 15:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-21 18:56 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-12-12 21:45 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-12 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-12-12 21:31 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-12 20:38 --------- d-----w C:\Documents and Settings\Richard\Application Data\Apple Computer
2007-12-12 20:32 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-12 20:04 --------- d-----w C:\Program Files\QuickTime
2007-12-12 20:03 --------- d-----w C:\Program Files\Apple Software Update
2007-12-12 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-12 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-10 22:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2007-12-10 22:01 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-12-10 18:58 --------- d-----w C:\Program Files\CCleaner
2007-12-10 18:02 --------- d-----w C:\Program Files\Java
2007-12-10 18:02 --------- d-----w C:\Documents and Settings\Richard\Application Data\SystemRequirementsLab
2007-12-10 18:00 --------- d-----w C:\Program Files\Common Files\Java
2007-12-10 17:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-10 17:54 --------- d-----w C:\Prog