|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
have several problems
This computer has several problems rying to take off a design that was made in freeweblayouts.net that my son put on this computer, also he did something to the active desk top and now I can not get into it even as the administrator. I have tried adding new admin but it still tells me that admin has locked control. Which brings me to my second problem, I can not upgrade windows service pack 3 it starts dowloading then stops half way through instalation. Also this compter takes 15 minutes unil the desk top comes up. Here is my hijack info, please help me.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:33:56 PM, on 8/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\AVG\AVG8\aAvgApi.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :0 R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {2445EE97-4F94-4B37-88C4-F6B029AF8277} - C:\WINDOWS\system32\urqRIyyw.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {73984FE0-9702-4C55-9C7B-9BA3C5861F25} - C:\WINDOWS\system32\nnnnOeBS.dll (file missing) O2 - BHO: {944dea59-f2d2-82d8-da04-1d6a0085a0e9} - {9e0a5800-a6d1-40ad-8d28-2d2f95aed449} - C:\WINDOWS\system32\gfxhnj.dll (file missing) O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: QXK Olive - {AF4EBF01-2871-49E4-BF25-8F0564359C31} - C:\WINDOWS\wbxdpgfevkl.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: sqvgnrpx - {9437C997-89E6-4B84-A745-BEFD3A910FF5} - C:\WINDOWS\sqvgnrpx.dll (file missing) O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe O4 - HKLM\..\Run: [94ca55ac] "rundll32.exe" "C:\WINDOWS\system32\heypolba.dll",b O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm021MWUS O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: gfxhnj.dll,avgrsstx.dll O20 - Winlogon Notify: nnnnOeBS - nnnnOeBS.dll (file missing) O21 - SSODL: RunMicro - {6e0b501e-2086-4fa8-8551-ddc3e93a63f6} - C:\WINDOWS\Resources\RunMicro.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 10493 bytes Hopefully some one can help me, thanks Seer1 |
#2
|
||||
|
||||
Your operating system is infected seer1 but I want to see another type of log before we start cleaning up.
Download OldTimer's OTViewIt from here to your desktop,and doubleclick on OTViewIt.exe to start the scan. When the display opens place a check next to: Scan All Users Then click the Run Scan button to start the scan. Once that completes a textbox will open. Copy and paste the contents here for review please. The log can also be found on your desktop as OTViewIt.Txt. It will be a reasonably large log so you may have to divide the log into sections and make several posts to post it. Note - do not press any other buttons or make any other changes when running the scan. |
#3
|
|||
|
|||
Did what you said but....
AnnMarie,
I did what you said and ran the program it seemed to be scanning for a few minutes then came a box with the following message (List Index Out of Bounds (19). It then would not go any further I did notice that it was scanning the HOSTS file when this happeded. Now what |
#4
|
|||
|
|||
AnnMarie I did what you said and it seemed to run for a few then a box came up in the middle of the scan and said List Index out of bounds (19) it then froze there I did notice that it was scanning HOSTS files when this came up. Let me know what to do next.
Thanks seer1 |
#5
|
||||
|
||||
We will try another utility. Please download SDFix from here and save it to your desktop.
Doubleclick on SDFix.exe and click on Install. Navigate to the C:\SDFix folder and click on the RunThis.bat. From the list select option A - "Create System Report", then press Enter. When the scan completes a textbox will open - copy/paste those contents back here please. This can also be found at C:\SDFix\SystemReport.txt. !Do not select any other options unless directed! |
#6
|
|||
|
|||
Aug 23 2008 4:17:52p 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
Aug 24 2008 12:54:40a 25,136 A.... "C:\Program Files\Webroot\Spy Sweeper\compressed.dat" Jul 27 2008 2:11:22a 280,777 A.... "C:\Program Files\Webroot\Spy Sweeper\unins000.dat" Jul 27 2008 2:09:20a 768,634 A.... "C:\Program Files\Webroot\Spy Sweeper\unins000.exe" Aug 24 2008 6:35:24p 343,144 A.... "C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0007NAV~.TMP" Aug 24 2008 6:00:18p 0 A.... "C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0415NAV~.TMP" Aug 3 2008 3:05:10p 455,960 A.... "C:\Program Files\Trend Micro\HijackThis\backups\backup-20080823-230608-215.dll" Aug 4 2008 5:59:12p 399 A.... "C:\Program Files\Avanquest\Fix-It\Updates\AntiVirus_Tables\cfg56.tmp" Aug 24 2008 6:50:26p 5,032 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.dat " Aug 24 2008 6:50:26p 12,056 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.dat" Aug 9 2008 8:24:04p 4,032 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.dat" Aug 9 2008 8:24:04p 2,816 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.dat " Aug 24 2008 2:51:46a 4,768 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.dat " Aug 9 2008 8:24:04p 3,008 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.dat " Aug 23 2008 11:07:36p 7,104 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.dat " Aug 9 2008 8:24:04p 13,546 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.dat " Aug 23 2008 1:16:16p 159 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\5f3c\Stats. tmp" Aug 24 2008 5:03:46p 1,332 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\5f3c\UserPr of.dat" Files with hidden attributes: Wed 10 Oct 2007 211 A.SHR --- "C:\BOOT.BAK" Sat 3 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sat 3 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c4 06b1d7e0f5c1e6f6d44a3f6e\BIT4.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc 8132a10b438ce6e2b49d4652\BIT2.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111 678c52099a3b3123b12f2325\BIT6.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5 109d0f8b0dee9fab84906813\BIT5.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b 8fed23dd91f50d167cce60d3\BIT7.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916b b150f8a929e7a4ffdfbc120f\BIT3.tmp" Program Folders: C:\Program Files\ 7-Zip ACW Adobe ATI Technologies Avanquest AVG Common Files Compaq Connections ComPlus Applications CONEXANT DivX Easy Internet signup FunWebProducts Hewlett-Packard HP InstallShield Installation Information InterActual Internet Explorer InterVideo Java Lexmark X1100 Series LimeWire Messenger Microsoft ActiveSync Microsoft CAPICOM 2.1.0.2 microsoft frontpage Microsoft Money 2005 Microsoft Office Microsoft Plus! Dancer LE Microsoft Plus! Digital Media Edition Microsoft Plus! Photo Story 2 LE Microsoft Visual Studio Microsoft Works Microsoft.NET Movie Maker MSN MSN Encarta Standard MSN Gaming Zone MSXML 4.0 MySpace MyWebSearch NetMeeting Norton Internet Security Online Services Outlook Express PC-Doctor 5 for Windows PC-Doctor for DOS Quicken Sonic support.com Symantec Trend Micro TryMedia Uninstall Information Webroot WildTangent Windows Media Connect 2 Windows Media Player Windows NT WindowsUpdate xerox Yahoo! Yahoo! Games C:\Program Files\Common Files\ Adobe DESIGNER HP InstallShield Java L&H Microsoft Shared MSSoap ODBC Real Services SpeechEngines SupportSoft Symantec Shared System Wise Installation Wizard Add/Remove Programs: 360Share Pro(remove only) 7-Zip 4.57 Adobe Flash Player ActiveX Adobe Shockwave Player ATI Display Driver AVG Free 8.0 Data Fax SoftModem with SmartCP HijackThis 2.0.2 Compaq Connections (remove only) Microsoft Internationalized Domain Names Mitigation APIs Windows Internet Explorer 7 PC-Doctor 5 for Windows Windows XP Hotfix - KB873339 Windows XP Hotfix - KB883667 Security Update for Windows XP (KB883939) Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 High Definition Audio Driver Package - KB888111 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888239 Windows XP Hotfix - KB888302 Security Update for Windows XP (KB890046) Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows Genuine Advantage Validation Tool (KB892130) Windows XP Hotfix - KB893066 Security Update for Windows XP (KB893756) Windows Installer 3.1 (KB893803) Update for Windows XP (KB894391) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896428) Update for Windows XP (KB898461) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Update for Windows XP (KB900485) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Update for Windows XP (KB904942) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows Media Player (KB911564) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Update for Windows XP (KB916595) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Update for Windows XP (KB920872) Security Update for Windows XP (KB921503) Update for Windows XP (KB922582) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB925902) Hotfix for Windows XP (KB926239) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Update for Windows XP (KB927891) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Hotfix for Windows Media Format 11 SDK (KB929399) Security Update for Windows XP (KB930178) Update for Windows XP (KB930916) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for CAPICOM (KB931906) Security Update for Windows XP (KB932168) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows XP (KB938127) Security Update for Windows Internet Explorer 7 (KB938127) Update for Windows XP (KB938828) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939653) Hotfix for Windows Media Player 11 (KB939683) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB942615) Security Update for Windows Internet Explorer 7 (KB942615) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Update for Windows XP (KB946627) Security Update for Windows XP (KB946648) Hotfix for Windows Internet Explorer 7 (KB947864) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Update for Windows XP (KB951072-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Hotfix for Windows XP (KB952287) Security Update for Windows XP (KB952954) Update for Windows XP (KB953356) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows XP (KB953839) Lexmark X1100 Series LimeWire PRO 4.18.6 LiveReg (Symantec Corporation) Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 1.1 Microsoft Money 2005 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft National Language Support Downlevel APIs Adobe Flash Player 9 ActiveX Norton Internet Security 2005 (Symantec Corporation) WebVideo Support Windows Genuine Advantage Validation Tool (KB892130) Windows Media Format 11 runtime Windows Media Player 11 Windows Media Format 11 runtime Windows Media Player 11 Microsoft User-Mode Driver Framework Feature Pack 1.0 ATI Control Panel Microsoft Plus! Photo Story 2 LE Security Update for CAPICOM (KB931906) Norton Internet Security Microsoft Plus! Dancer LE SymNet J2SE Runtime Environment 5.0 InterVideo WinDVD Player HP Boot Optimizer Norton Internet Security Norton Internet Security Fix-It Utilities 8 Professional Norton Internet Security Norton AntiSpam Microsoft Plus! Digital Media Edition Installer Microsoft Visual C++ 2005 Redistributable Spy Sweeper SPBBC Microsoft Office Basic Edition 2003 InterVideo WinDVD Player Adobe® Photoshop® Album Starter Edition 3.2 Norton Internet Security Norton Internet Security PC-Doctor 5 for Windows Adobe Reader 8.1.2 MSRedist MSXML 4.0 SP2 (KB936181) Norton AntiVirus 2005 Norton Internet Security Microsoft .NET Framework 1.1 Compaq Organize ccCommon CC_ccProxyExt HpSdpAppCoreApp Norton Internet Security Norton Internet Security Norton WMI Update HP Software Update Norton WMI Update ccPxyCore Norton Internet Security HP Image Zone Express Run Values: [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run] "Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\"" "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\"" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" "VirusScannerPro"="C:\\PROGRA~1\\AVANQU~1\\Fix-It\\MemCheck.exe" "94ca55ac"="\"rundll32.exe\" \"C:\\WINDOWS\\system32\\heypolba.dll\",b" "AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray. exe" "PCDrProfiler"="" "SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents] @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\IMAIL] "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MSFS] "Installed"="1" @="" [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.ex e" Bot Check: SERVICE_NAME: wscsvc DISPLAY_NAME : Security Center START_TYPE : 2 AUTO_START SERVICE_NAME: sharedaccess DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS) START_TYPE : 2 AUTO_START SERVICE_NAME: wuauserv DISPLAY_NAME : Automatic Updates START_TYPE : 2 AUTO_START SERVICE_NAME: srservice DISPLAY_NAME : System Restore Service START_TYPE : 2 AUTO_START [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] "EnableDCOM"="Y" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa] "restrictanonymous"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update] "AUOptions"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000000 "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "WaitToKillServiceTimeout"="20000" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "SFCDisable"=dword:00000000 "Shell"="Explorer.exe" "Userinit"="C:\\WINDOWS\\system32\\userinit.ex e," [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\shell extensions] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetBT\Parameters] "TransportBindName"="\\Device\\" ShellExecuteHooks: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{73984FE0-9702-4C55-9C7B-9BA3C5861F25}"="" Environment: HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager\environment ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\Sy stem32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel windir REG_EXPAND_SZ %SystemRoot% OS REG_SZ Windows_NT PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH TEMP REG_EXPAND_SZ %SystemRoot%\TEMP TMP REG_EXPAND_SZ %SystemRoot%\TEMP SAFEBOOT_OPTION REG_SZ NETWORK SecurityProviders: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Authentication Packages: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\urqRIyyw\0\0 Subsystem Startup: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Session Manager\SubSystems] "Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16" Midi Drivers: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midi"="wdmaud.drv" Non-Default IFEO Debugger: Non-Default Installed Components: Non-Default Safeboot Minimal: HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\webrootspysweeperservice <NO NAME> REG_SZ Service File Associations: [HKEY_CLASSES_ROOT\batfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\cmdfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\comfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\htafile\shell\open\command] @="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*" [HKEY_CLASSES_ROOT\http\shell\open\command] @="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome" [HKEY_CLASSES_ROOT\htmlfile\shell\open\command] @="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome" [HKEY_CLASSES_ROOT\regedit\shell\open\command] @="regedit.exe %1" [HKEY_CLASSES_ROOT\regfile\shell\open\command] @="regedit.exe \"%1\"" [HKEY_CLASSES_ROOT\scrfile\shell\open\command] @="\"%1\" /S" [HKEY_CLASSES_ROOT\txtfile\shell\open\command] @="%SystemRoot%\system32\NOTEPAD.EXE %1" Finished! here you go. seer1 |
#7
|
||||
|
||||
Part of that report is missing seer1 and I would really like to see it before we start cleaning up. Can you open the report again and post the missing section please.
|
#8
|
|||
|
|||
sorry it would not let me put it into short reply
System Report
************* Run on Sun 08/24/2008 at 07:12 PM Microsoft Windows XP [Version 5.1.2600] Current user is an administrator Running Processes: \SystemRoot\System32\smss.exe [356] \??\C:\WINDOWS\system32\csrss.exe [424] \??\C:\WINDOWS\system32\winlogon.exe [448] C:\WINDOWS\system32\services.exe [520] C:\WINDOWS\system32\lsass.exe [532] C:\WINDOWS\system32\svchost.exe [680] C:\WINDOWS\system32\svchost.exe [732] C:\WINDOWS\system32\svchost.exe [836] C:\WINDOWS\system32\svchost.exe [880] C:\WINDOWS\system32\svchost.exe [976] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [1148] C:\WINDOWS\Explorer.EXE [1716] C:\Program Files\Internet Explorer\iexplore.exe [968] C:\WINDOWS\system32\ctfmon.exe [1012] Drivers - Running: ACPI AFD atapi bb-run Beep Cdfs Cdrom Disk Fastfat FltMgr Ftdisk ftsata2 Gpc i8042prt iaStor Imapi IntelIde IpNat IPSec isapnp Kbdclass KSecDD Mouclass MountMgr MRxSmb Msfs mssmbios Mup NDIS NdisTapi Ndisuio NdisWan NDProxy NetBIOS NetBT Npfs Ntfs Null ohci1394 PartMgr PCI PCIIde PptpMiniport PSched Ptilink RasAcd Rasl2tp RasPppoe Raspti Rdbss RDPCDD redbook RTL8023xp sbp2port sr Srv SSFS0BB9 SSHRMD SSIDRV SSKBFD swenum Tcpip TermDD Update usbehci usbhub usbohci usbstor VgaSave ViaIde VolSnap WudfPf Drivers - Stopped: Abiosdsk abp480n5 ACPIEC adpu160m aec Aha154x aic78u2 aic78xx ALCXWDM AliIde AmdK8 amsint Arp1394 asc asc3350p asc3550 AsyncMac Atdisk ati2mtag Atmarpc audstub AvgLdx86 AvgMfx86 AvgTdiX cbidf2k cd20xrnt Cdaudio Changer CmdIde Cpqarray dac960nt dmboot dmio dmload DMusic dpti2o drmkaud eeCtrl Fdc Fips Flpydisk HidUsb hpn HSFHWBS2 HSF_DP HTTP i2omgmt i2omp ini910u intelppm Ip6Fw IpFilterDriver IpInIp IRENUM kmixer lbrtfdc MailScan mdmxsdk mnmdd Modem mouhid mraid35x MRxDAV MSKSSRV MSPCLOCK MSPQM NAVENG NAVEX15 NIC1394 NwlnkFlt NwlnkFwd Parport ParVdm PCIDump Pcmcia PDCOMP PDFRAME PDRELI PDRFRAME perc2 perc2hib Processor ql1080 Ql10wnt ql12160 ql1240 ql1280 RDPWD rtl8139 SAVRT SAVRTPEL Secdrv Serial Sfloppy Simbad Sparrow SPBBCDrv splitter swmidi symc810 symc8xx SymEvent SYMREDRV SYMTDI sym_hi sym_u3 sysaudio TDPIPE TDTCP tmpreflt tmxpflt TosIde Udfs ultra USBAAPL usbprint usbscan usbuhci Vsapint Wanarp WDICA wdmaud winachsf WpdUsb WudfRd Services - Running: CryptSvc DcomLaunch Dhcp Dnscache Eventlog helpsvc lanmanserver lanmanworkstation LmHosts Netman PlugPlay RpcSs SharedAccess srservice TermService WebrootSpySweeperService winmgmt WZCSVC Services - Stopped: Alerter ALG AppMgmt aspnet_state Ati AudioSrv avg8emc avg8wd BITS Browser ccEvtMgr ccProxy ccPwdSvc ccSetMgr CiSvc ClipSrv COMSysApp dmadmin dmserver ERSvc EventSystem FastUserSwitchingCompatibility Fax Fix-It HidServ HTTPFilter IDriverT ImapiService ISSVC LexBceS MDM Messenger mnmsrvc MSDTC MSIServer navapsvc NetDDE NetDDEdsdm Netlogon Nla NtLmSsp NtmsSvc ose PolicyAgent ProtectedStorage RasAuto RasMan RDSessMgr RemoteAccess RpcLocator RSVP SamSs SAVScan SCardSvr Schedule seclogon SENS ShellHWDetection SNDSrvc SPBBCSvc Spooler SSDPSRV stisvc SwPrv SysmonLog TapiSrv Themes TrkWks uploadmgr upnphost UPS VSS W32Time WebClient WmdmPmSN WmiApSrv WMPNetworkSvc wscsvc wuauserv WudfSvc xmlprov Files Created/Modified - 60 Days: C:\ Jul 28 2008 7:30:42p 37,158 A.... "C:\CybDefInstallInfo.log" Aug 9 2008 10:47:00p 250,032 A.SHR "C:\ntldr" Aug 24 2008 6:54:14p 352,321,536 A.SH. "C:\pagefile.sys" Jul 28 2008 7:14:24p 150 A.... "C:\YServer.txt" C:\WINDOWS\ Aug 24 2008 6:55:24p 0 A.... "C:\WINDOWS\0.log" Aug 24 2008 6:54:22p 2,048 A.S.. "C:\WINDOWS\bootstat.dat" Aug 9 2008 10:46:24p 1,129 A.... "C:\WINDOWS\cmsetacl.log" Aug 24 2008 3:10:44a 326,309 A.... "C:\WINDOWS\comsetup.log" Aug 9 2008 10:46:22p 1,132 A.... "C:\WINDOWS\DtcInstall.log" Aug 24 2008 3:10:44a 982,068 A.... "C:\WINDOWS\FaxSetup.log" Aug 24 2008 3:10:44a 152,219 A.... "C:\WINDOWS\iis6.log" Aug 24 2008 3:10:30a 1,374 A.... "C:\WINDOWS\imsins.BAK" Aug 24 2008 3:10:44a 1,374 A.... "C:\WINDOWS\imsins.log" Aug 4 2008 1:18:40a 5,279 A.... "C:\WINDOWS\KB892130.log" Aug 24 2008 3:10:30a 14,644 A.... "C:\WINDOWS\KB946648.log" Aug 4 2008 2:59:54p 28,191 A.... "C:\WINDOWS\KB950759-IE7.log" Aug 24 2008 3:10:06a 19,694 A.... "C:\WINDOWS\KB950974.log" Aug 24 2008 3:03:24a 8,438 A.... "C:\WINDOWS\KB951066.log" Aug 24 2008 3:05:14a 32,692 A.... "C:\WINDOWS\KB951072-v2.log" Aug 4 2008 2:52:14p 20,453 A.... "C:\WINDOWS\KB951748.log" Aug 24 2008 3:04:52a 14,077 A.... "C:\WINDOWS\KB952287.log" Aug 24 2008 3:10:44a 19,876 A.... "C:\WINDOWS\KB952954.log" Aug 24 2008 3:10:16a 13,064 A.... "C:\WINDOWS\KB953839.log" Aug 24 2008 3:04:34a 18,648 A.... "C:\WINDOWS\KB953838-IE7.log" Aug 24 2008 3:10:44a 48,852 A.... "C:\WINDOWS\msgsocm.log" Aug 24 2008 6:57:46p 205,926 A.... "C:\WINDOWS\ntbtlog.txt" Aug 24 2008 3:10:44a 197,433 A.... "C:\WINDOWS\ntdtcsetup.log" Aug 24 2008 3:10:44a 474,587 A.... "C:\WINDOWS\ocgen.log" Aug 24 2008 3:10:44a 53,325 A.... "C:\WINDOWS\ocmsn.log" Jul 27 2008 8:14:56a 1,523 A.... "C:\WINDOWS\OEWABLog.txt" Jul 28 2008 6:48:10p 54,156 A..H. "C:\WINDOWS\QTFont.qfn" Aug 24 2008 6:51:14p 32,582 A.... "C:\WINDOWS\SchedLgU.Txt" Aug 4 2008 12:10:20a 217,088 A.... "C:\WINDOWS\setupact.log" Aug 24 2008 5:32:40p 300,658 A.... "C:\WINDOWS\setupapi.log" Aug 9 2008 11:06:24p 1,961,529 A.... "C:\WINDOWS\spuninst.log" Aug 10 2008 12:22:20a 195,309 A.... "C:\WINDOWS\spupdsvc.log" Aug 10 2008 12:08:42a 682 A.... "C:\WINDOWS\spupdsvc.log.1.log" Jul 28 2008 6:05:02p 126 A.... "C:\WINDOWS\sssTbarSettings.ini" Jul 27 2008 7:05:04p 74 A.... "C:\WINDOWS\st_affiliate.ini" Aug 24 2008 5:55:40p 1,419,014 A.... "C:\WINDOWS\svcpack.log" Aug 24 2008 6:51:12p 1,224 A.... "C:\WINDOWS\TMFilter.log" Aug 24 2008 3:10:44a 376,232 A.... "C:\WINDOWS\tsoc.log" Aug 24 2008 3:10:42a 899,676 A.... "C:\WINDOWS\updspapi.log" Aug 24 2008 6:50:56p 216 A.... "C:\WINDOWS\wiadebug.log" Aug 24 2008 4:56:18p 49 A.... "C:\WINDOWS\wiaservc.log" Aug 24 2008 3:00:06a 700 A.... "C:\WINDOWS\win.ini" Aug 24 2008 6:51:32p 1,131,122 A.... "C:\WINDOWS\WindowsUpdate.log" Aug 10 2008 12:21:54a 108,996 A.... "C:\WINDOWS\wmsetup.log" Aug 3 2008 9:59:28p 2 A.... "C:\WINDOWS\CREATOR\BurnInfo.log" Aug 3 2008 10:25:30p 57,222 A.... "C:\WINDOWS\CREATOR\Creator.log" Aug 3 2008 10:00:00p 6,117 A.... "C:\WINDOWS\CREATOR\DSplit.log" Aug 3 2008 9:24:04p 0 A.... "C:\WINDOWS\CREATOR\RPCheck.log" Aug 3 2008 10:25:36p 2,837 A.... "C:\WINDOWS\CREATOR\STRCDC.ini" Aug 3 2008 9:59:28p 336 A.... "C:\WINDOWS\CREATOR\Writer.ini" Aug 24 2008 3:07:58a 13,600 A.... "C:\WINDOWS\Debug\mrt.log" Aug 24 2008 3:07:58a 5,208 A.... "C:\WINDOWS\Debug\mrteng.log" Aug 24 2008 6:54:24p 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG" Aug 4 2008 2:03:28a 112 A.... "C:\WINDOWS\EHome\medctrro.cmd" Aug 23 2008 1:52:30p 157,092 A.... "C:\WINDOWS\Help\iexplore.chw" Jul 28 2008 8:04:56p 17,836 A.... "C:\WINDOWS\Help\taskbar.chw" Aug 4 2008 8:45:54a 4,256 A.... "C:\WINDOWS\inf\branches.PNF" Aug 4 2008 8:45:54a 1,546,392 A.... "C:\WINDOWS\inf\INFCACHE.1" Jul 27 2008 6:48:52p 3,943 A.... "C:\WINDOWS\inf\oem15.inf" Jul 27 2008 6:51:20p 9,662 A.... "C:\WINDOWS\inf\oem15.PNF" Aug 4 2008 8:45:54a 5,536 A.... "C:\WINDOWS\inf\USBkey.PNF" Aug 3 2008 8:31:20p 1,048,576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E1B737BB-6EBE-4595-9AC2-545B1593A317}.crmlog" Aug 3 2008 9:25:48p 48 A.... "C:\WINDOWS\SMINST\COMPAQ" Aug 3 2008 9:25:48p 42 A.... "C:\WINDOWS\SMINST\DVD" Aug 3 2008 9:25:48p 40 A.... "C:\WINDOWS\SMINST\RP" Aug 3 2008 1:57:16p 0 A.... "C:\WINDOWS\system32\9fe991d2-.txt" Aug 4 2008 3:14:38p 1,382,557 ..SH. "C:\WINDOWS\system32\ablopyeh.ini" Aug 10 2008 12:15:42a 16,832 A.... "C:\WINDOWS\system32\amcompat.tlb" Aug 3 2008 3:06:50p 10,520 A.... "C:\WINDOWS\system32\avgrsstx.dll" Jul 8 2008 3:15:34p 1,747,498 ..SH. "C:\WINDOWS\system32\bvophooi.ini" Jul 7 2008 4:32:22p 253,952 A.... "C:\WINDOWS\system32\es.dll" Aug 3 2008 9:18:36p 917,504 A.... "C:\WINDOWS\system32\FLASH.OCX" Jul 26 2008 9:01:30p 1,532,438 ..SH. "C:\WINDOWS\system32\ispfbvab.ini" Jul 8 2008 3:09:52p 1,747,326 ..SH. "C:\WINDOWS\system32\iwndonnn.ini" Aug 3 2008 3:13:36p 143 A.... "C:\WINDOWS\system32\mcrh.tmp" Aug 3 2008 11:13:04p 126 A.... "C:\WINDOWS\system32\mmc.exe.config" Aug 5 2008 2:11:02p 15,888,504 A.... "C:\WINDOWS\system32\MRT.exe" Jun 24 2008 12:23:06p 74,240 A.... "C:\WINDOWS\system32\mscms.dll" Jun 24 2008 10:57:40a 3,592,192 A.... "C:\WINDOWS\system32\mshtml.dll" Aug 10 2008 12:15:42a 23,392 A.... "C:\WINDOWS\system32\nscompat.tlb" Jul 26 2008 9:01:08p 1,747,086 ..SH. "C:\WINDOWS\system32\rtfkdnwp.ini" Aug 9 2008 11:03:08p 160 A.... "C:\WINDOWS\system32\spdwnwxp.log" Jul 14 2008 7:09:18a 62,976 A.... "C:\WINDOWS\system32\tzchange.exe" Aug 24 2008 3:05:06a 488,344 A.... "C:\WINDOWS\system32\TZLog.log" Aug 23 2008 1:04:44p 1,158 A.... "C:\WINDOWS\system32\wpa.dbl" Aug 3 2008 3:13:10p 777,701 A.SH. "C:\WINDOWS\system32\wyyIRqru.ini" Aug 3 2008 3:10:54p 777,701 A.SH. "C:\WINDOWS\system32\wyyIRqru.ini2" Aug 24 2008 6:51:12p 6 A..H. "C:\WINDOWS\Tasks\SA.DAT" Aug 24 2008 7:11:48p 5,105 A.... "C:\WINDOWS\Temp\scsA.tmp" Aug 24 2008 12:20:24a 841,530 A.... "C:\WINDOWS\Debug\Setup\UpdSh.bak" Aug 24 2008 5:55:34p 851,216 A.... "C:\WINDOWS\Debug\Setup\UpdSh.log" Aug 9 2008 9:39:48p 1,056,768 A.... "C:\WINDOWS\security\Database\Service Pack 3.sdb" Aug 9 2008 9:39:50p 6,530 A.... "C:\WINDOWS\security\logs\update.log" Jul 7 2008 4:32:22p 253,952 A.... "C:\WINDOWS\system32\dllcache\es.dll" Jun 24 2008 12:23:06p 74,240 A.... "C:\WINDOWS\system32\dllcache\mscms.dll" Jun 24 2008 10:57:40a 3,592,192 A.... "C:\WINDOWS\system32\dllcache\mshtml.dll" Aug 3 2008 3:06:26p 96,520 A.... "C:\WINDOWS\system32\drivers\avgldx86.sys" Aug 3 2008 3:06:18p 26,824 A.... "C:\WINDOWS\system32\drivers\avgmfx86.sys" Aug 3 2008 3:06:44p 76,040 A.... "C:\WINDOWS\system32\drivers\avgtdix.sys" Aug 3 2008 8:17:28p 139,264 A.... "C:\WINDOWS\system32\NtmsData\NTMSDATA" Aug 3 2008 8:17:28p 139,264 A.... "C:\WINDOWS\system32\NtmsData\NTMSDATA.BAK" Aug 3 2008 8:17:28p 90,104 A.... "C:\WINDOWS\system32\NtmsData\NTMSIDX" Aug 3 2008 5:59:38p 816 A.... "C:\WINDOWS\system32\NtmsData\NTMSREG" Aug 9 2008 10:00:50p 1,883 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows .Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest" Aug 9 2008 10:00:52p 1,187 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows .Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest" Aug 9 2008 10:00:52p 460 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows .Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a 24bc0.Manifest" Aug 9 2008 10:00:50p 1,237 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows .SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest" Aug 9 2008 10:00:58p 1,822 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.V isualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a.Manifest" Aug 24 2008 5:23:08p 0 A.... "C:\WINDOWS\Debug\Setup\Backup\HDAUDIO_Backup. bak" Aug 24 2008 5:23:08p 0 A.... "C:\WINDOWS\Debug\Setup\Backup\IE7_Backup.bak" Aug 24 2008 5:23:08p 4 A.... "C:\WINDOWS\Debug\Setup\Backup\INTPPM_Backup.b ak" Aug 9 2008 10:46:32p 755,305 A.... "C:\WINDOWS\pchealth\helpctr\Logs\hcupdate.log " Aug 3 2008 10:00:00p 409 A.... "C:\WINDOWS\SMINST\Apps\dta\DTA.LST" Aug 3 2008 10:00:00p 224 A.... "C:\WINDOWS\SMINST\Drv\dta\DTA.LST" Aug 3 2008 3:06:02p 6,061,540 A.... "C:\WINDOWS\system32\drivers\Avg\avi7.avg" Aug 23 2008 8:05:06p 26,556,568 A.... "C:\WINDOWS\system32\drivers\Avg\incavi.avm" Aug 23 2008 8:05:06p 67,349 A.... "C:\WINDOWS\system32\drivers\Avg\microavi.avg" Aug 23 2008 8:05:06p 211,986 A.... "C:\WINDOWS\system32\drivers\Avg\miniavi.avg" Aug 3 2008 2:47:06p 734 A.... "C:\WINDOWS\system32\drivers\etc\hosts" Aug 24 2008 6:51:28p 12,288 A.... "C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.e tl" Aug 4 2008 1:22:42p 24,576 A.... "C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log" Aug 24 2008 6:51:10p 1,204 A.... "C:\WINDOWS\system32\spool\PRINTERS\00004.SHD" Aug 9 2008 11:03:04p 2,774,334 A.... "C:\WINDOWS\system32\wbem\AutoRecover\26C097A9392F 8C541AD42E89B7909073.mof" Aug 9 2008 11:02:54p 15,688 A.... "C:\WINDOWS\system32\wbem\AutoRecover\79E817BC978E 2D450EB9E3794DFDA6CF.mof" Aug 9 2008 11:02:50p 99,856 A.... "C:\WINDOWS\system32\wbem\AutoRecover\C6300BFE37AD E6B52EC023F66124985F.mof" Aug 9 2008 10:00:52p 641 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microso ft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy" Aug 9 2008 10:00:52p 641 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microso ft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy" Aug 9 2008 10:00:58p 644 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microso ft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68\6.0.9792.0.Policy" Aug 9 2008 10:00:50p 625 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microso ft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy" sorry had to cutt in half. seer1 |
#9
|
|||
|
|||
second half
C:\Program Files\
Aug 23 2008 3:58:44p 59,302 A.... "C:\Program Files\7-Zip\Uninstall.exe" Aug 21 2008 5:13:30p 147,456 A.... "C:\Program Files\LimeWire\LimeWire.exe" Aug 23 2008 2:10:10p 124,404 A.... "C:\Program Files\LimeWire\uninstall.exe" Jul 27 2008 9:19:32p 267,845 A.... "C:\Program Files\Avanquest\Fix-It\tsc.exe" Aug 3 2008 3:05:50p 540,440 A.... "C:\Program Files\AVG\AVG8\aAvgApi.exe" Aug 3 2008 3:05:02p 181,528 A.... "C:\Program Files\AVG\AVG8\avg7api.dll" Aug 3 2008 3:05:02p 945,944 A.... "C:\Program Files\AVG\AVG8\avgabout.dll" Aug 3 2008 3:05:02p 312,600 A.... "C:\Program Files\AVG\AVG8\avgapix.dll" Aug 3 2008 3:04:54p 405,272 A.... "C:\Program Files\AVG\AVG8\avgcfgex.exe" Aug 3 2008 3:04:40p 557,848 A.... "C:\Program Files\AVG\AVG8\avgcfgx.dll" Aug 3 2008 3:05:10p 202,008 A.... "C:\Program Files\AVG\AVG8\avgcmgr.exe" Aug 3 2008 3:05:08p 1,351,960 A.... "C:\Program Files\AVG\AVG8\avgcorex.dll" Aug 3 2008 3:05:08p 67,352 A.... "C:\Program Files\AVG\AVG8\avgcrlpx.dll" Aug 3 2008 3:04:54p 68,376 A.... "C:\Program Files\AVG\AVG8\avgdumpx.exe" Aug 3 2008 3:04:58p 873,752 A.... "C:\Program Files\AVG\AVG8\avgemc.exe" Aug 3 2008 3:05:06p 1,000,728 A.... "C:\Program Files\AVG\AVG8\avgfrw.exe" Aug 3 2008 3:05:00p 582,424 A.... "C:\Program Files\AVG\AVG8\avginet.dll" Aug 3 2008 3:05:00p 443,672 A.... "C:\Program Files\AVG\AVG8\avgiproxy.exe" Aug 3 2008 3:04:54p 152,856 A.... "C:\Program Files\AVG\AVG8\avglngx.dll" Aug 3 2008 3:05:08p 161,048 A.... "C:\Program Files\AVG\AVG8\avglogx.dll" Aug 3 2008 3:04:58p 170,776 A.... "C:\Program Files\AVG\AVG8\avgmail.dll" Aug 3 2008 3:04:58p 281,880 A.... "C:\Program Files\AVG\AVG8\avgmvflx.dll" Aug 3 2008 3:04:58p 247,064 A.... "C:\Program Files\AVG\AVG8\avgoff2k.dll" Aug 3 2008 3:05:48p 79,128 A.... "C:\Program Files\AVG\AVG8\avgpp.dll" Aug 3 2008 3:05:06p 966,424 A.... "C:\Program Files\AVG\AVG8\avgresf.dll" Aug 3 2008 3:05:08p 287,000 A.... "C:\Program Files\AVG\AVG8\avgrsx.exe" Aug 3 2008 3:04:42p 294,168 A.... "C:\Program Files\AVG\AVG8\avgscanx.dll" Aug 3 2008 3:04:44p 551,192 A.... "C:\Program Files\AVG\AVG8\avgscanx.exe" Aug 3 2008 3:04:54p 330,520 A.... "C:\Program Files\AVG\AVG8\avgsched.dll" Aug 3 2008 3:05:08p 99,608 A.... "C:\Program Files\AVG\AVG8\avgse.dll" Aug 3 2008 3:04:52p 161,048 A.... "C:\Program Files\AVG\AVG8\avgsrmax.exe" Aug 3 2008 3:04:52p 358,168 A.... "C:\Program Files\AVG\AVG8\avgsrmx.dll" Aug 3 2008 3:05:50p 422,168 A.... "C:\Program Files\AVG\AVG8\avgtbapi.dll" Aug 3 2008 3:05:50p 2,055,960 A.... "C:\Program Files\AVG\AVG8\avgtoolbar.dll" Aug 3 2008 3:05:02p 1,232,152 A.... "C:\Program Files\AVG\AVG8\avgtray.exe" Aug 3 2008 3:05:04p 2,749,720 A.... "C:\Program Files\AVG\AVG8\avgui.exe" Aug 3 2008 3:05:06p 1,821,976 A.... "C:\Program Files\AVG\AVG8\avguiadv.dll" Aug 3 2008 3:05:06p 1,948,440 A.... "C:\Program Files\AVG\AVG8\avguires.dll" Aug 3 2008 3:05:00p 1,066,240 A.... "C:\Program Files\AVG\AVG8\avgupd.dll" Aug 3 2008 3:05:00p 640,280 A.... "C:\Program Files\AVG\AVG8\avgupd.exe" Aug 3 2008 3:04:56p 309,528 A.... "C:\Program Files\AVG\AVG8\avgvvx.dll" Aug 3 2008 3:04:56p 833,304 A.... "C:\Program Files\AVG\AVG8\avgwd.dll" Aug 3 2008 3:04:56p 231,192 A.... "C:\Program Files\AVG\AVG8\avgwdsvc.exe" Aug 3 2008 3:04:58p 223,512 A.... "C:\Program Files\AVG\AVG8\avgwdwsc.dll" Aug 3 2008 3:05:10p 308,504 A.... "C:\Program Files\AVG\AVG8\avgxpl.dll" Aug 3 2008 3:06:00p 18,984 A.... "C:\Program Files\AVG\AVG8\contacts_us.html" Aug 3 2008 3:06:00p 1,045,128 A.... "C:\Program Files\AVG\AVG8\dbghelp.dll" Aug 3 2008 3:05:02p 59,069 A.... "C:\Program Files\AVG\AVG8\dfncfg.dat" Aug 3 2008 3:05:00p 53,528 A.... "C:\Program Files\AVG\AVG8\libsasl.dll" Aug 3 2008 3:05:00p 18,200 A.... "C:\Program Files\AVG\AVG8\saslcrammd5.dll" Aug 3 2008 3:05:00p 36,632 A.... "C:\Program Files\AVG\AVG8\sasldigestmd5.dll" Aug 3 2008 3:05:00p 16,664 A.... "C:\Program Files\AVG\AVG8\sasllogin.dll" Aug 3 2008 3:05:00p 16,664 A.... "C:\Program Files\AVG\AVG8\saslplain.dll" Aug 3 2008 3:05:10p 862,808 A.... "C:\Program Files\AVG\AVG8\setup.dat" Aug 3 2008 3:05:08p 2,539,800 A.... "C:\Program Files\AVG\AVG8\setup.exe" Aug 21 2008 5:13:22p 110,592 A.... "C:\Program Files\LimeWire\lib\jdic.dll" Aug 21 2008 5:13:20p 90,112 A.... "C:\Program Files\LimeWire\lib\SystemUtilities.dll" Aug 21 2008 5:13:20p 86,016 A.... "C:\Program Files\LimeWire\lib\SystemUtilitiesA.dll" Aug 21 2008 5:13:30p 45,056 A.... "C:\Program Files\LimeWire\lib\tray.dll" Jun 29 2008 11:44:20p 3,612,656 A.... "C:\Program Files\Microsoft Office\OFFICE11\OUTLFLTR.DAT" Jul 3 2008 6:36:56p 12,313,096 A.... "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" Aug 23 2008 4:17:52p 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" Aug 24 2008 12:54:40a 25,136 A.... "C:\Program Files\Webroot\Spy Sweeper\compressed.dat" Jul 27 2008 2:11:22a 280,777 A.... "C:\Program Files\Webroot\Spy Sweeper\unins000.dat" Jul 27 2008 2:09:20a 768,634 A.... "C:\Program Files\Webroot\Spy Sweeper\unins000.exe" Aug 24 2008 6:35:24p 343,144 A.... "C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0007NAV~.TMP" Aug 24 2008 6:00:18p 0 A.... "C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0415NAV~.TMP" Aug 3 2008 3:05:10p 455,960 A.... "C:\Program Files\Trend Micro\HijackThis\backups\backup-20080823-230608-215.dll" Aug 4 2008 5:59:12p 399 A.... "C:\Program Files\Avanquest\Fix-It\Updates\AntiVirus_Tables\cfg56.tmp" Aug 24 2008 6:50:26p 5,032 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.dat " Aug 24 2008 6:50:26p 12,056 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.dat" Aug 9 2008 8:24:04p 4,032 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.dat" Aug 9 2008 8:24:04p 2,816 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.dat " Aug 24 2008 2:51:46a 4,768 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.dat " Aug 9 2008 8:24:04p 3,008 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.dat " Aug 23 2008 11:07:36p 7,104 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.dat " Aug 9 2008 8:24:04p 13,546 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.dat " Aug 23 2008 1:16:16p 159 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\5f3c\Stats. tmp" Aug 24 2008 5:03:46p 1,332 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\5f3c\UserPr of.dat" Files with hidden attributes: Wed 10 Oct 2007 211 A.SHR --- "C:\BOOT.BAK" Sat 3 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sat 3 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c4 06b1d7e0f5c1e6f6d44a3f6e\BIT4.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc 8132a10b438ce6e2b49d4652\BIT2.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111 678c52099a3b3123b12f2325\BIT6.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5 109d0f8b0dee9fab84906813\BIT5.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b 8fed23dd91f50d167cce60d3\BIT7.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916b b150f8a929e7a4ffdfbc120f\BIT3.tmp" Program Folders: C:\Program Files\ 7-Zip ACW Adobe ATI Technologies Avanquest AVG Common Files Compaq Connections ComPlus Applications CONEXANT DivX Easy Internet signup FunWebProducts Hewlett-Packard HP InstallShield Installation Information InterActual Internet Explorer InterVideo Java Lexmark X1100 Series LimeWire Messenger Microsoft ActiveSync Microsoft CAPICOM 2.1.0.2 microsoft frontpage Microsoft Money 2005 Microsoft Office Microsoft Plus! Dancer LE Microsoft Plus! Digital Media Edition Microsoft Plus! Photo Story 2 LE Microsoft Visual Studio Microsoft Works Microsoft.NET Movie Maker MSN MSN Encarta Standard MSN Gaming Zone MSXML 4.0 MySpace MyWebSearch NetMeeting Norton Internet Security Online Services Outlook Express PC-Doctor 5 for Windows PC-Doctor for DOS Quicken Sonic support.com Symantec Trend Micro TryMedia Uninstall Information Webroot WildTangent Windows Media Connect 2 Windows Media Player Windows NT WindowsUpdate xerox Yahoo! Yahoo! Games C:\Program Files\Common Files\ Adobe DESIGNER HP InstallShield Java L&H Microsoft Shared MSSoap ODBC Real Services SpeechEngines SupportSoft Symantec Shared System Wise Installation Wizard Add/Remove Programs: 360Share Pro(remove only) 7-Zip 4.57 Adobe Flash Player ActiveX Adobe Shockwave Player ATI Display Driver AVG Free 8.0 Data Fax SoftModem with SmartCP HijackThis 2.0.2 Compaq Connections (remove only) Microsoft Internationalized Domain Names Mitigation APIs Windows Internet Explorer 7 PC-Doctor 5 for Windows Windows XP Hotfix - KB873339 Windows XP Hotfix - KB883667 Security Update for Windows XP (KB883939) Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 High Definition Audio Driver Package - KB888111 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888239 Windows XP Hotfix - KB888302 Security Update for Windows XP (KB890046) Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows Genuine Advantage Validation Tool (KB892130) Windows XP Hotfix - KB893066 Security Update for Windows XP (KB893756) Windows Installer 3.1 (KB893803) Update for Windows XP (KB894391) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896428) Update for Windows XP (KB898461) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Update for Windows XP (KB900485) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Update for Windows XP (KB904942) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows Media Player (KB911564) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Update for Windows XP (KB916595) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Update for Windows XP (KB920872) Security Update for Windows XP (KB921503) Update for Windows XP (KB922582) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB925902) Hotfix for Windows XP (KB926239) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Update for Windows XP (KB927891) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Hotfix for Windows Media Format 11 SDK (KB929399) Security Update for Windows XP (KB930178) Update for Windows XP (KB930916) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for CAPICOM (KB931906) Security Update for Windows XP (KB932168) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows XP (KB938127) Security Update for Windows Internet Explorer 7 (KB938127) Update for Windows XP (KB938828) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939653) Hotfix for Windows Media Player 11 (KB939683) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB942615) Security Update for Windows Internet Explorer 7 (KB942615) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Update for Windows XP (KB946627) Security Update for Windows XP (KB946648) Hotfix for Windows Internet Explorer 7 (KB947864) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Update for Windows XP (KB951072-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Hotfix for Windows XP (KB952287) Security Update for Windows XP (KB952954) Update for Windows XP (KB953356) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows XP (KB953839) Lexmark X1100 Series LimeWire PRO 4.18.6 LiveReg (Symantec Corporation) Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 1.1 Microsoft Money 2005 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft National Language Support Downlevel APIs Adobe Flash Player 9 ActiveX Norton Internet Security 2005 (Symantec Corporation) WebVideo Support Windows Genuine Advantage Validation Tool (KB892130) Windows Media Format 11 runtime Windows Media Player 11 Windows Media Format 11 runtime Windows Media Player 11 Microsoft User-Mode Driver Framework Feature Pack 1.0 ATI Control Panel Microsoft Plus! Photo Story 2 LE Security Update for CAPICOM (KB931906) Norton Internet Security Microsoft Plus! Dancer LE SymNet J2SE Runtime Environment 5.0 InterVideo WinDVD Player HP Boot Optimizer Norton Internet Security Norton Internet Security Fix-It Utilities 8 Professional Norton Internet Security Norton AntiSpam Microsoft Plus! Digital Media Edition Installer Microsoft Visual C++ 2005 Redistributable Spy Sweeper SPBBC Microsoft Office Basic Edition 2003 InterVideo WinDVD Player Adobe® Photoshop® Album Starter Edition 3.2 Norton Internet Security Norton Internet Security PC-Doctor 5 for Windows Adobe Reader 8.1.2 MSRedist MSXML 4.0 SP2 (KB936181) Norton AntiVirus 2005 Norton Internet Security Microsoft .NET Framework 1.1 Compaq Organize ccCommon CC_ccProxyExt HpSdpAppCoreApp Norton Internet Security Norton Internet Security Norton WMI Update HP Software Update Norton WMI Update ccPxyCore Norton Internet Security HP Image Zone Express Run Values: [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run] "Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\"" "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\"" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" "VirusScannerPro"="C:\\PROGRA~1\\AVANQU~1\\Fix-It\\MemCheck.exe" "94ca55ac"="\"rundll32.exe\" \"C:\\WINDOWS\\system32\\heypolba.dll\",b" "AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray. exe" "PCDrProfiler"="" "SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents] @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\IMAIL] "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MSFS] "Installed"="1" @="" [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.ex e" will send third one seer1 |
#10
|
|||
|
|||
third one
Bot Check:
SERVICE_NAME: wscsvc DISPLAY_NAME : Security Center START_TYPE : 2 AUTO_START SERVICE_NAME: sharedaccess DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS) START_TYPE : 2 AUTO_START SERVICE_NAME: wuauserv DISPLAY_NAME : Automatic Updates START_TYPE : 2 AUTO_START SERVICE_NAME: srservice DISPLAY_NAME : System Restore Service START_TYPE : 2 AUTO_START [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] "EnableDCOM"="Y" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa] "restrictanonymous"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update] "AUOptions"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000000 "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "WaitToKillServiceTimeout"="20000" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "SFCDisable"=dword:00000000 "Shell"="Explorer.exe" "Userinit"="C:\\WINDOWS\\system32\\userinit.ex e," [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\shell extensions] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetBT\Parameters] "TransportBindName"="\\Device\\" ShellExecuteHooks: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{73984FE0-9702-4C55-9C7B-9BA3C5861F25}"="" Environment: HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager\environment ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\Sy stem32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel windir REG_EXPAND_SZ %SystemRoot% OS REG_SZ Windows_NT PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH TEMP REG_EXPAND_SZ %SystemRoot%\TEMP TMP REG_EXPAND_SZ %SystemRoot%\TEMP SAFEBOOT_OPTION REG_SZ NETWORK SecurityProviders: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Authentication Packages: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\urqRIyyw\0\0 Subsystem Startup: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Session Manager\SubSystems] "Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16" Midi Drivers: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midi"="wdmaud.drv" Non-Default IFEO Debugger: Non-Default Installed Components: Non-Default Safeboot Minimal: HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\webrootspysweeperservice <NO NAME> REG_SZ Service File Associations: [HKEY_CLASSES_ROOT\batfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\cmdfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\comfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\htafile\shell\open\command] @="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*" [HKEY_CLASSES_ROOT\http\shell\open\command] @="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome" [HKEY_CLASSES_ROOT\htmlfile\shell\open\command] @="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome" [HKEY_CLASSES_ROOT\regedit\shell\open\command] @="regedit.exe %1" [HKEY_CLASSES_ROOT\regfile\shell\open\command] @="regedit.exe \"%1\"" [HKEY_CLASSES_ROOT\scrfile\shell\open\command] @="\"%1\" /S" [HKEY_CLASSES_ROOT\txtfile\shell\open\command] @="%SystemRoot%\system32\NOTEPAD.EXE %1" Finished! this is the last seer1 |
#11
|
||||
|
||||
Download Malwarebytes' Anti-Malware from here or here.
Doubleclick on mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan" then click Scan. The scan may take some time to finish so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Please do so. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please copy and paste the entire report in your next reply. Also post a new SDFix report please. |
#12
|
|||
|
|||
Here is both reports
Malwarebytes' Anti-Malware 1.25
Database version: 1085 Windows 5.1.2600 Service Pack 2 8:12:24 PM 8/24/2008 mbam-log-08-24-2008 (20-12-24).txt Scan type: Quick Scan Objects scanned: 48067 Time elapsed: 3 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 35 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 9 Files Infected: 13 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{73984fe0-9702-4c55-9c7b-9ba3c5861f25} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnnoebs (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{73984fe0-9702-4c55-9c7b-9ba3c5861f25} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9e0a5800-a6d1-40ad-8d28-2d2f95aed449} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9e0a5800-a6d1-40ad-8d28-2d2f95aed449} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{42e2b43f-3954-48ec-b549-5c05cb7dbd0a} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4fcb7cfd-13fc-4afe-a634-efbd957e7083} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{81d04785-9638-4bec-8b39-3b9b9e972d1d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{07895222-50a5-4598-acb1-806ef2a9babc} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3885c07e-5f60-4cb3-bcea-ebccc3135201} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\sqvgnrpx.bwbf (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\W MPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\94ca55ac (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0011903-00106) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\778670 (Trojan.BHO) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\nnnnOeBS.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gfxhnj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\hh.exe (Trojan.FakeHelp) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images\02BA4F55.u rr (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Compaq_Owner\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Compaq_Owner\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Compaq_Owner\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Compaq_Owner\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. next one coming seer1 |
#13
|
|||
|
|||
System report 2 part 1
System Report
************* Run on Sun 08/24/2008 at 08:26 PM Microsoft Windows XP [Version 5.1.2600] Current user is an administrator Running Processes: \SystemRoot\System32\smss.exe [360] \??\C:\WINDOWS\system32\csrss.exe [424] \??\C:\WINDOWS\system32\winlogon.exe [448] C:\WINDOWS\system32\services.exe [492] C:\WINDOWS\system32\lsass.exe [504] C:\WINDOWS\system32\svchost.exe [652] C:\WINDOWS\system32\svchost.exe [704] C:\WINDOWS\system32\svchost.exe [808] C:\WINDOWS\system32\svchost.exe [848] C:\WINDOWS\system32\svchost.exe [948] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [1120] C:\WINDOWS\Explorer.EXE [1440] C:\Program Files\Internet Explorer\iexplore.exe [1912] C:\WINDOWS\system32\ctfmon.exe [1928] Drivers - Running: ACPI AFD atapi bb-run Beep Cdfs Cdrom Disk Fastfat FltMgr Ftdisk ftsata2 Gpc i8042prt Imapi IpNat IPSec isapnp Kbdclass KSecDD Mouclass MountMgr MRxSmb Msfs mssmbios Mup NDIS NdisTapi Ndisuio NdisWan NDProxy NetBIOS NetBT Npfs Ntfs Null PartMgr PCI PCIIde PptpMiniport PSched Ptilink RasAcd Rasl2tp RasPppoe Raspti Rdbss RDPCDD redbook RTL8023xp sr Srv SSFS0BB9 SSHRMD SSIDRV SSKBFD swenum Tcpip TermDD Update usbehci usbhub usbohci usbstor VgaSave VolSnap WudfPf Drivers - Stopped: Abiosdsk abp480n5 ACPIEC adpu160m aec Aha154x aic78u2 aic78xx ALCXWDM AliIde AmdK8 amsint Arp1394 asc asc3350p asc3550 AsyncMac Atdisk ati2mtag Atmarpc audstub AvgLdx86 AvgMfx86 AvgTdiX cbidf2k cd20xrnt Cdaudio Changer CmdIde Cpqarray dac960nt dmboot dmio dmload DMusic dpti2o drmkaud eeCtrl Fdc Fips Flpydisk HidUsb hpn HSFHWBS2 HSF_DP HTTP i2omgmt i2omp iaStor ini910u IntelIde intelppm Ip6Fw IpFilterDriver IpInIp IRENUM kmixer lbrtfdc MailScan mdmxsdk mnmdd Modem mouhid mraid35x MRxDAV MSKSSRV MSPCLOCK MSPQM NAVENG NAVEX15 NIC1394 NwlnkFlt NwlnkFwd ohci1394 Parport ParVdm PCIDump Pcmcia PDCOMP PDFRAME PDRELI PDRFRAME perc2 perc2hib Processor ql1080 Ql10wnt ql12160 ql1240 ql1280 RDPWD rtl8139 SAVRT SAVRTPEL sbp2port Secdrv Serial Sfloppy Simbad Sparrow SPBBCDrv splitter swmidi symc810 symc8xx SymEvent SYMREDRV SYMTDI sym_hi sym_u3 sysaudio TDPIPE TDTCP tmpreflt tmxpflt TosIde Udfs ultra USBAAPL usbprint usbscan usbuhci ViaIde Vsapint Wanarp WDICA wdmaud winachsf WpdUsb WudfRd Services - Running: CryptSvc DcomLaunch Dhcp Dnscache Eventlog helpsvc lanmanserver lanmanworkstation LmHosts Netman PlugPlay RpcSs SharedAccess srservice TermService WebrootSpySweeperService winmgmt WZCSVC Services - Stopped: Alerter ALG AppMgmt aspnet_state Ati AudioSrv avg8emc avg8wd BITS Browser ccEvtMgr ccProxy ccPwdSvc ccSetMgr CiSvc ClipSrv COMSysApp dmadmin dmserver ERSvc EventSystem FastUserSwitchingCompatibility Fax Fix-It HidServ HTTPFilter IDriverT ImapiService ISSVC LexBceS MDM Messenger mnmsrvc MSDTC MSIServer navapsvc NetDDE NetDDEdsdm Netlogon Nla NtLmSsp NtmsSvc ose PolicyAgent ProtectedStorage RasAuto RasMan RDSessMgr RemoteAccess RpcLocator RSVP SamSs SAVScan SCardSvr Schedule seclogon SENS ShellHWDetection SNDSrvc SPBBCSvc Spooler SSDPSRV stisvc SwPrv SysmonLog TapiSrv Themes TrkWks uploadmgr upnphost UPS VSS W32Time WebClient WmdmPmSN WmiApSrv WMPNetworkSvc wscsvc wuauserv WudfSvc xmlprov Files Created/Modified - 60 Days: sending in 3 parts again. seer1 |
#14
|
|||
|
|||
system report part 2
C:\
Aug 24 2008 8:14:58p 11,776 A.... "C:\avenger.txt" Jul 28 2008 7:30:42p 37,158 A.... "C:\CybDefInstallInfo.log" Aug 9 2008 10:47:00p 250,032 A.SHR "C:\ntldr" Aug 24 2008 8:15:04p 352,321,536 A.SH. "C:\pagefile.sys" Jul 28 2008 7:14:24p 150 A.... "C:\YServer.txt" C:\WINDOWS\ Aug 24 2008 8:15:30p 0 A.... "C:\WINDOWS\0.log" Aug 24 2008 8:15:08p 2,048 A.S.. "C:\WINDOWS\bootstat.dat" Aug 9 2008 10:46:24p 1,129 A.... "C:\WINDOWS\cmsetacl.log" Aug 24 2008 3:10:44a 326,309 A.... "C:\WINDOWS\comsetup.log" Aug 9 2008 10:46:22p 1,132 A.... "C:\WINDOWS\DtcInstall.log" Aug 24 2008 3:10:44a 982,068 A.... "C:\WINDOWS\FaxSetup.log" Aug 24 2008 3:10:44a 152,219 A.... "C:\WINDOWS\iis6.log" Aug 24 2008 3:10:30a 1,374 A.... "C:\WINDOWS\imsins.BAK" Aug 24 2008 3:10:44a 1,374 A.... "C:\WINDOWS\imsins.log" Aug 4 2008 1:18:40a 5,279 A.... "C:\WINDOWS\KB892130.log" Aug 24 2008 3:10:30a 14,644 A.... "C:\WINDOWS\KB946648.log" Aug 4 2008 2:59:54p 28,191 A.... "C:\WINDOWS\KB950759-IE7.log" Aug 24 2008 3:10:06a 19,694 A.... "C:\WINDOWS\KB950974.log" Aug 24 2008 3:03:24a 8,438 A.... "C:\WINDOWS\KB951066.log" Aug 24 2008 3:05:14a 32,692 A.... "C:\WINDOWS\KB951072-v2.log" Aug 4 2008 2:52:14p 20,453 A.... "C:\WINDOWS\KB951748.log" Aug 24 2008 3:04:52a 14,077 A.... "C:\WINDOWS\KB952287.log" Aug 24 2008 3:10:44a 19,876 A.... "C:\WINDOWS\KB952954.log" Aug 24 2008 3:10:16a 13,064 A.... "C:\WINDOWS\KB953839.log" Aug 24 2008 3:04:34a 18,648 A.... "C:\WINDOWS\KB953838-IE7.log" Aug 24 2008 3:10:44a 48,852 A.... "C:\WINDOWS\msgsocm.log" Aug 24 2008 8:25:34p 263,176 A.... "C:\WINDOWS\ntbtlog.txt" Aug 24 2008 3:10:44a 197,433 A.... "C:\WINDOWS\ntdtcsetup.log" Aug 24 2008 3:10:44a 474,587 A.... "C:\WINDOWS\ocgen.log" Aug 24 2008 3:10:44a 53,325 A.... "C:\WINDOWS\ocmsn.log" Jul 27 2008 8:14:56a 1,523 A.... "C:\WINDOWS\OEWABLog.txt" Jul 28 2008 6:48:10p 54,156 A..H. "C:\WINDOWS\QTFont.qfn" Aug 24 2008 6:51:14p 32,582 A.... "C:\WINDOWS\SchedLgU.Txt" Aug 4 2008 12:10:20a 217,088 A.... "C:\WINDOWS\setupact.log" Aug 24 2008 5:32:40p 300,658 A.... "C:\WINDOWS\setupapi.log" Aug 9 2008 11:06:24p 1,961,529 A.... "C:\WINDOWS\spuninst.log" Aug 10 2008 12:22:20a 195,309 A.... "C:\WINDOWS\spupdsvc.log" Aug 10 2008 12:08:42a 682 A.... "C:\WINDOWS\spupdsvc.log.1.log" Jul 28 2008 6:05:02p 126 A.... "C:\WINDOWS\sssTbarSettings.ini" Jul 27 2008 7:05:04p 74 A.... "C:\WINDOWS\st_affiliate.ini" Aug 24 2008 5:55:40p 1,419,014 A.... "C:\WINDOWS\svcpack.log" Aug 24 2008 6:51:12p 1,224 A.... "C:\WINDOWS\TMFilter.log" Aug 24 2008 3:10:44a 376,232 A.... "C:\WINDOWS\tsoc.log" Aug 24 2008 3:10:42a 899,676 A.... "C:\WINDOWS\updspapi.log" Aug 24 2008 6:50:56p 216 A.... "C:\WINDOWS\wiadebug.log" Aug 24 2008 4:56:18p 49 A.... "C:\WINDOWS\wiaservc.log" Aug 24 2008 3:00:06a 700 A.... "C:\WINDOWS\win.ini" Aug 24 2008 8:18:30p 1,132,288 A.... "C:\WINDOWS\WindowsUpdate.log" Aug 10 2008 12:21:54a 108,996 A.... "C:\WINDOWS\wmsetup.log" Aug 3 2008 9:59:28p 2 A.... "C:\WINDOWS\CREATOR\BurnInfo.log" Aug 3 2008 10:25:30p 57,222 A.... "C:\WINDOWS\CREATOR\Creator.log" Aug 3 2008 10:00:00p 6,117 A.... "C:\WINDOWS\CREATOR\DSplit.log" Aug 3 2008 9:24:04p 0 A.... "C:\WINDOWS\CREATOR\RPCheck.log" Aug 3 2008 10:25:36p 2,837 A.... "C:\WINDOWS\CREATOR\STRCDC.ini" Aug 3 2008 9:59:28p 336 A.... "C:\WINDOWS\CREATOR\Writer.ini" Aug 24 2008 3:07:58a 13,600 A.... "C:\WINDOWS\Debug\mrt.log" Aug 24 2008 3:07:58a 5,208 A.... "C:\WINDOWS\Debug\mrteng.log" Aug 24 2008 8:15:10p 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG" Aug 4 2008 2:03:28a 112 A.... "C:\WINDOWS\EHome\medctrro.cmd" Aug 23 2008 1:52:30p 157,092 A.... "C:\WINDOWS\Help\iexplore.chw" Jul 28 2008 8:04:56p 17,836 A.... "C:\WINDOWS\Help\taskbar.chw" Aug 4 2008 8:45:54a 4,256 A.... "C:\WINDOWS\inf\branches.PNF" Aug 4 2008 8:45:54a 1,546,392 A.... "C:\WINDOWS\inf\INFCACHE.1" Jul 27 2008 6:48:52p 3,943 A.... "C:\WINDOWS\inf\oem15.inf" Jul 27 2008 6:51:20p 9,662 A.... "C:\WINDOWS\inf\oem15.PNF" Aug 4 2008 8:45:54a 5,536 A.... "C:\WINDOWS\inf\USBkey.PNF" Aug 3 2008 8:31:20p 1,048,576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E1B737BB-6EBE-4595-9AC2-545B1593A317}.crmlog" Aug 3 2008 9:25:48p 48 A.... "C:\WINDOWS\SMINST\COMPAQ" Aug 3 2008 9:25:48p 42 A.... "C:\WINDOWS\SMINST\DVD" Aug 3 2008 9:25:48p 40 A.... "C:\WINDOWS\SMINST\RP" Aug 3 2008 1:57:16p 0 A.... "C:\WINDOWS\system32\9fe991d2-.txt" Aug 4 2008 3:14:38p 1,382,557 ..SH. "C:\WINDOWS\system32\ablopyeh.ini" Aug 10 2008 12:15:42a 16,832 A.... "C:\WINDOWS\system32\amcompat.tlb" Aug 3 2008 3:06:50p 10,520 A.... "C:\WINDOWS\system32\avgrsstx.dll" Jul 8 2008 3:15:34p 1,747,498 ..SH. "C:\WINDOWS\system32\bvophooi.ini" Jul 7 2008 4:32:22p 253,952 A.... "C:\WINDOWS\system32\es.dll" Aug 3 2008 9:18:36p 917,504 A.... "C:\WINDOWS\system32\FLASH.OCX" Jul 26 2008 9:01:30p 1,532,438 ..SH. "C:\WINDOWS\system32\ispfbvab.ini" Jul 8 2008 3:09:52p 1,747,326 ..SH. "C:\WINDOWS\system32\iwndonnn.ini" Aug 3 2008 11:13:04p 126 A.... "C:\WINDOWS\system32\mmc.exe.config" Aug 5 2008 2:11:02p 15,888,504 A.... "C:\WINDOWS\system32\MRT.exe" Jun 24 2008 12:23:06p 74,240 A.... "C:\WINDOWS\system32\mscms.dll" Jun 24 2008 10:57:40a 3,592,192 A.... "C:\WINDOWS\system32\mshtml.dll" Aug 10 2008 12:15:42a 23,392 A.... "C:\WINDOWS\system32\nscompat.tlb" Jul 26 2008 9:01:08p 1,747,086 ..SH. "C:\WINDOWS\system32\rtfkdnwp.ini" Aug 9 2008 11:03:08p 160 A.... "C:\WINDOWS\system32\spdwnwxp.log" Jul 14 2008 7:09:18a 62,976 A.... "C:\WINDOWS\system32\tzchange.exe" Aug 24 2008 3:05:06a 488,344 A.... "C:\WINDOWS\system32\TZLog.log" Aug 23 2008 1:04:44p 1,158 A.... "C:\WINDOWS\system32\wpa.dbl" Aug 3 2008 3:13:10p 777,701 A.SH. "C:\WINDOWS\system32\wyyIRqru.ini" Aug 3 2008 3:10:54p 777,701 A.SH. "C:\WINDOWS\system32\wyyIRqru.ini2" Aug 24 2008 6:51:12p 6 A..H. "C:\WINDOWS\Tasks\SA.DAT" Aug 24 2008 8:25:52p 4,935 A.... "C:\WINDOWS\Temp\scs4.tmp" Aug 24 2008 12:20:24a 841,530 A.... "C:\WINDOWS\Debug\Setup\UpdSh.bak" Aug 24 2008 5:55:34p 851,216 A.... "C:\WINDOWS\Debug\Setup\UpdSh.log" Aug 9 2008 9:39:48p 1,056,768 A.... "C:\WINDOWS\security\Database\Service Pack 3.sdb" Aug 9 2008 9:39:50p 6,530 A.... "C:\WINDOWS\security\logs\update.log" Jul 7 2008 4:32:22p 253,952 A.... "C:\WINDOWS\system32\dllcache\es.dll" Jun 24 2008 12:23:06p 74,240 A.... "C:\WINDOWS\system32\dllcache\mscms.dll" Jun 24 2008 10:57:40a 3,592,192 A.... "C:\WINDOWS\system32\dllcache\mshtml.dll" Aug 3 2008 3:06:26p 96,520 A.... "C:\WINDOWS\system32\drivers\avgldx86.sys" Aug 3 2008 3:06:18p 26,824 A.... "C:\WINDOWS\system32\drivers\avgmfx86.sys" Aug 3 2008 3:06:44p 76,040 A.... "C:\WINDOWS\system32\drivers\avgtdix.sys" Aug 17 2008 3:01:14p 17,144 A.... "C:\WINDOWS\system32\drivers\mbam.sys" Aug 17 2008 3:01:18p 38,472 A.... "C:\WINDOWS\system32\drivers\mbamswissarmy.sys " Aug 3 2008 8:17:28p 139,264 A.... "C:\WINDOWS\system32\NtmsData\NTMSDATA" Aug 3 2008 8:17:28p 139,264 A.... "C:\WINDOWS\system32\NtmsData\NTMSDATA.BAK" Aug 3 2008 8:17:28p 90,104 A.... "C:\WINDOWS\system32\NtmsData\NTMSIDX" Aug 3 2008 5:59:38p 816 A.... "C:\WINDOWS\system32\NtmsData\NTMSREG" Aug 9 2008 10:00:50p 1,883 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows .Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest" Aug 9 2008 10:00:52p 1,187 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows .Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest" Aug 9 2008 10:00:52p 460 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows .Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a 24bc0.Manifest" Aug 9 2008 10:00:50p 1,237 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows .SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest" Aug 9 2008 10:00:58p 1,822 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.V isualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a.Manifest" Aug 24 2008 5:23:08p 0 A.... "C:\WINDOWS\Debug\Setup\Backup\HDAUDIO_Backup. bak" Aug 24 2008 5:23:08p 0 A.... "C:\WINDOWS\Debug\Setup\Backup\IE7_Backup.bak" Aug 24 2008 5:23:08p 4 A.... "C:\WINDOWS\Debug\Setup\Backup\INTPPM_Backup.b ak" Aug 9 2008 10:46:32p 755,305 A.... "C:\WINDOWS\pchealth\helpctr\Logs\hcupdate.log " Aug 3 2008 10:00:00p 409 A.... "C:\WINDOWS\SMINST\Apps\dta\DTA.LST" Aug 3 2008 10:00:00p 224 A.... "C:\WINDOWS\SMINST\Drv\dta\DTA.LST" Aug 3 2008 3:06:02p 6,061,540 A.... "C:\WINDOWS\system32\drivers\Avg\avi7.avg" Aug 23 2008 8:05:06p 26,556,568 A.... "C:\WINDOWS\system32\drivers\Avg\incavi.avm" Aug 23 2008 8:05:06p 67,349 A.... "C:\WINDOWS\system32\drivers\Avg\microavi.avg" Aug 23 2008 8:05:06p 211,986 A.... "C:\WINDOWS\system32\drivers\Avg\miniavi.avg" Aug 3 2008 2:47:06p 734 A.... "C:\WINDOWS\system32\drivers\etc\hosts" Aug 24 2008 6:51:28p 12,288 A.... "C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.e tl" Aug 4 2008 1:22:42p 24,576 A.... "C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log" Aug 24 2008 6:51:10p 1,204 A.... "C:\WINDOWS\system32\spool\PRINTERS\00004.SHD" Aug 9 2008 11:03:04p 2,774,334 A.... "C:\WINDOWS\system32\wbem\AutoRecover\26C097A9392F 8C541AD42E89B7909073.mof" Aug 9 2008 11:02:54p 15,688 A.... "C:\WINDOWS\system32\wbem\AutoRecover\79E817BC978E 2D450EB9E3794DFDA6CF.mof" Aug 9 2008 11:02:50p 99,856 A.... "C:\WINDOWS\system32\wbem\AutoRecover\C6300BFE37AD E6B52EC023F66124985F.mof" Aug 9 2008 10:00:52p 641 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microso ft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy" Aug 9 2008 10:00:52p 641 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microso ft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy" Aug 9 2008 10:00:58p 644 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microso ft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68\6.0.9792.0.Policy" Aug 9 2008 10:00:50p 625 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microso ft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy" C:\Program Files\ Aug 23 2008 3:58:44p 59,302 A.... "C:\Program Files\7-Zip\Uninstall.exe" Aug 21 2008 5:13:30p 147,456 A.... "C:\Program Files\LimeWire\LimeWire.exe" Aug 23 2008 2:10:10p 124,404 A.... "C:\Program Files\LimeWire\uninstall.exe" Aug 17 2008 3:01:14p 380,024 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe" Aug 17 2008 3:01:12p 61,048 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll" Aug 17 2008 3:01:12p 1,195,640 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" Aug 17 2008 3:01:14p 73,336 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" Aug 17 2008 3:01:16p 110,200 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" Aug 17 2008 3:01:16p 372,344 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe" Aug 17 2008 3:01:16p 44,664 A.... "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll" Aug 24 2008 8:04:34p 8,030 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat" Aug 24 2008 8:03:52p 688,760 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Aug 17 2008 3:01:18p 77,944 A.... "C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll" Jul 27 2008 9:19:32p 267,845 A.... "C:\Program Files\Avanquest\Fix-It\tsc.exe" Aug 3 2008 3:05:50p 540,440 A.... "C:\Program Files\AVG\AVG8\aAvgApi.exe" Aug 3 2008 3:05:02p 181,528 A.... "C:\Program Files\AVG\AVG8\avg7api.dll" Aug 3 2008 3:05:02p 945,944 A.... "C:\Program Files\AVG\AVG8\avgabout.dll" Aug 3 2008 3:05:02p 312,600 A.... "C:\Program Files\AVG\AVG8\avgapix.dll" Aug 3 2008 3:04:54p 405,272 A.... "C:\Program Files\AVG\AVG8\avgcfgex.exe" Aug 3 2008 3:04:40p 557,848 A.... "C:\Program Files\AVG\AVG8\avgcfgx.dll" Aug 3 2008 3:05:10p 202,008 A.... "C:\Program Files\AVG\AVG8\avgcmgr.exe" Aug 3 2008 3:05:08p 1,351,960 A.... "C:\Program Files\AVG\AVG8\avgcorex.dll" Aug 3 2008 3:05:08p 67,352 A.... "C:\Program Files\AVG\AVG8\avgcrlpx.dll" Aug 3 2008 3:04:54p 68,376 A.... "C:\Program Files\AVG\AVG8\avgdumpx.exe" Aug 3 2008 3:04:58p 873,752 A.... "C:\Program Files\AVG\AVG8\avgemc.exe" Aug 3 2008 3:05:06p 1,000,728 A.... "C:\Program Files\AVG\AVG8\avgfrw.exe" Aug 3 2008 3:05:00p 582,424 A.... "C:\Program Files\AVG\AVG8\avginet.dll" Aug 3 2008 3:05:00p 443,672 A.... "C:\Program Files\AVG\AVG8\avgiproxy.exe" Aug 3 2008 3:04:54p 152,856 A.... "C:\Program Files\AVG\AVG8\avglngx.dll" Aug 3 2008 3:05:08p 161,048 A.... "C:\Program Files\AVG\AVG8\avglogx.dll" Aug 3 2008 3:04:58p 170,776 A.... "C:\Program Files\AVG\AVG8\avgmail.dll" Aug 3 2008 3:04:58p 281,880 A.... "C:\Program Files\AVG\AVG8\avgmvflx.dll" Aug 3 2008 3:04:58p 247,064 A.... "C:\Program Files\AVG\AVG8\avgoff2k.dll" Aug 3 2008 3:05:48p 79,128 A.... "C:\Program Files\AVG\AVG8\avgpp.dll" Aug 3 2008 3:05:06p 966,424 A.... "C:\Program Files\AVG\AVG8\avgresf.dll" Aug 3 2008 3:05:08p 287,000 A.... "C:\Program Files\AVG\AVG8\avgrsx.exe" Aug 3 2008 3:04:42p 294,168 A.... "C:\Program Files\AVG\AVG8\avgscanx.dll" Aug 3 2008 3:04:44p 551,192 A.... "C:\Program Files\AVG\AVG8\avgscanx.exe" Aug 3 2008 3:04:54p 330,520 A.... "C:\Program Files\AVG\AVG8\avgsched.dll" Aug 3 2008 3:05:08p 99,608 A.... "C:\Program Files\AVG\AVG8\avgse.dll" Aug 3 2008 3:04:52p 161,048 A.... "C:\Program Files\AVG\AVG8\avgsrmax.exe" Aug 3 2008 3:04:52p 358,168 A.... "C:\Program Files\AVG\AVG8\avgsrmx.dll" Aug 3 2008 3:05:50p 422,168 A.... "C:\Program Files\AVG\AVG8\avgtbapi.dll" Aug 3 2008 3:05:50p 2,055,960 A.... "C:\Program Files\AVG\AVG8\avgtoolbar.dll" Aug 3 2008 3:05:02p 1,232,152 A.... "C:\Program Files\AVG\AVG8\avgtray.exe" Aug 3 2008 3:05:04p 2,749,720 A.... "C:\Program Files\AVG\AVG8\avgui.exe" Aug 3 2008 3:05:06p 1,821,976 A.... "C:\Program Files\AVG\AVG8\avguiadv.dll" Aug 3 2008 3:05:06p 1,948,440 A.... "C:\Program Files\AVG\AVG8\avguires.dll" Aug 3 2008 3:05:00p 1,066,240 A.... "C:\Program Files\AVG\AVG8\avgupd.dll" Aug 3 2008 3:05:00p 640,280 A.... "C:\Program Files\AVG\AVG8\avgupd.exe" Aug 3 2008 3:04:56p 309,528 A.... "C:\Program Files\AVG\AVG8\avgvvx.dll" Aug 3 2008 3:04:56p 833,304 A.... "C:\Program Files\AVG\AVG8\avgwd.dll" Aug 3 2008 3:04:56p 231,192 A.... "C:\Program Files\AVG\AVG8\avgwdsvc.exe" Aug 3 2008 3:04:58p 223,512 A.... "C:\Program Files\AVG\AVG8\avgwdwsc.dll" Aug 3 2008 3:05:10p 308,504 A.... "C:\Program Files\AVG\AVG8\avgxpl.dll" Aug 3 2008 3:06:00p 18,984 A.... "C:\Program Files\AVG\AVG8\contacts_us.html" Aug 3 2008 3:06:00p 1,045,128 A.... "C:\Program Files\AVG\AVG8\dbghelp.dll" Aug 3 2008 3:05:02p 59,069 A.... "C:\Program Files\AVG\AVG8\dfncfg.dat" Aug 3 2008 3:05:00p 53,528 A.... "C:\Program Files\AVG\AVG8\libsasl.dll" Aug 3 2008 3:05:00p 18,200 A.... "C:\Program Files\AVG\AVG8\saslcrammd5.dll" Aug 3 2008 3:05:00p 36,632 A.... "C:\Program Files\AVG\AVG8\sasldigestmd5.dll" Aug 3 2008 3:05:00p 16,664 A.... "C:\Program Files\AVG\AVG8\sasllogin.dll" Aug 3 2008 3:05:00p 16,664 A.... "C:\Program Files\AVG\AVG8\saslplain.dll" Aug 3 2008 3:05:10p 862,808 A.... "C:\Program Files\AVG\AVG8\setup.dat" Aug 3 2008 3:05:08p 2,539,800 A.... "C:\Program Files\AVG\AVG8\setup.exe" part 3 is next |
#15
|
|||
|
|||
Third part
Aug 21 2008 5:13:22p 110,592 A.... "C:\Program Files\LimeWire\lib\jdic.dll"
Aug 21 2008 5:13:20p 90,112 A.... "C:\Program Files\LimeWire\lib\SystemUtilities.dll" Aug 21 2008 5:13:20p 86,016 A.... "C:\Program Files\LimeWire\lib\SystemUtilitiesA.dll" Aug 21 2008 5:13:30p 45,056 A.... "C:\Program Files\LimeWire\lib\tray.dll" Jun 29 2008 11:44:20p 3,612,656 A.... "C:\Program Files\Microsoft Office\OFFICE11\OUTLFLTR.DAT" Jul 3 2008 6:36:56p 12,313,096 A.... "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" Aug 23 2008 4:17:52p 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" Aug 24 2008 12:54:40a 25,136 A.... "C:\Program Files\Webroot\Spy Sweeper\compressed.dat" Jul 27 2008 2:11:22a 280,777 A.... "C:\Program Files\Webroot\Spy Sweeper\unins000.dat" Jul 27 2008 2:09:20a 768,634 A.... "C:\Program Files\Webroot\Spy Sweeper\unins000.exe" Aug 24 2008 6:35:24p 343,144 A.... "C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0007NAV~.TMP" Aug 24 2008 6:00:18p 0 A.... "C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0415NAV~.TMP" Aug 3 2008 3:05:10p 455,960 A.... "C:\Program Files\Trend Micro\HijackThis\backups\backup-20080823-230608-215.dll" Aug 4 2008 5:59:12p 399 A.... "C:\Program Files\Avanquest\Fix-It\Updates\AntiVirus_Tables\cfg56.tmp" Aug 24 2008 6:50:26p 5,032 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.dat " Aug 24 2008 6:50:26p 12,056 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.dat" Aug 9 2008 8:24:04p 4,032 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.dat" Aug 9 2008 8:24:04p 2,816 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.dat " Aug 24 2008 2:51:46a 4,768 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.dat " Aug 9 2008 8:24:04p 3,008 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.dat " Aug 23 2008 11:07:36p 7,104 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.dat " Aug 9 2008 8:24:04p 13,546 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.dat " Aug 23 2008 1:16:16p 159 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\5f3c\Stats. tmp" Aug 24 2008 5:03:46p 1,332 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\5f3c\UserPr of.dat" Files with hidden attributes: Wed 10 Oct 2007 211 A.SHR --- "C:\BOOT.BAK" Sat 3 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sat 3 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c4 06b1d7e0f5c1e6f6d44a3f6e\BIT4.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc 8132a10b438ce6e2b49d4652\BIT2.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111 678c52099a3b3123b12f2325\BIT6.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5 109d0f8b0dee9fab84906813\BIT5.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b 8fed23dd91f50d167cce60d3\BIT7.tmp" Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916b b150f8a929e7a4ffdfbc120f\BIT3.tmp" Program Folders: b]Add/Remove Programs[/b]: 360Share Pro(remove only) 7-Zip 4.57 Adobe Flash Player ActiveX Adobe Shockwave Player ATI Display Driver AVG Free 8.0 Data Fax SoftModem with SmartCP HijackThis 2.0.2 Compaq Connections (remove only) Microsoft Internationalized Domain Names Mitigation APIs Windows Internet Explorer 7 PC-Doctor 5 for Windows Windows XP Hotfix - KB873339 Windows XP Hotfix - KB883667 Security Update for Windows XP (KB883939) Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 High Definition Audio Driver Package - KB888111 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888239 Windows XP Hotfix - KB888302 Security Update for Windows XP (KB890046) Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows Genuine Advantage Validation Tool (KB892130) Windows XP Hotfix - KB893066 Security Update for Windows XP (KB893756) Windows Installer 3.1 (KB893803) Update for Windows XP (KB894391) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896428) Update for Windows XP (KB898461) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Update for Windows XP (KB900485) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Update for Windows XP (KB904942) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows Media Player (KB911564) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Update for Windows XP (KB916595) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Update for Windows XP (KB920872) Security Update for Windows XP (KB921503) Update for Windows XP (KB922582) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB925902) Hotfix for Windows XP (KB926239) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Update for Windows XP (KB927891) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Hotfix for Windows Media Format 11 SDK (KB929399) Security Update for Windows XP (KB930178) Update for Windows XP (KB930916) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for CAPICOM (KB931906) Security Update for Windows XP (KB932168) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows XP (KB938127) Security Update for Windows Internet Explorer 7 (KB938127) Update for Windows XP (KB938828) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939653) Hotfix for Windows Media Player 11 (KB939683) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB942615) Security Update for Windows Internet Explorer 7 (KB942615) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Update for Windows XP (KB946627) Security Update for Windows XP (KB946648) Hotfix for Windows Internet Explorer 7 (KB947864) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Update for Windows XP (KB951072-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Hotfix for Windows XP (KB952287) Security Update for Windows XP (KB952954) Update for Windows XP (KB953356) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows XP (KB953839) Lexmark X1100 Series LimeWire PRO 4.18.6 LiveReg (Symantec Corporation) Microsoft .NET Framework 1.1 Hotfix (KB928366) Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft Money 2005 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft National Language Support Downlevel APIs Adobe Flash Player 9 ActiveX Norton Internet Security 2005 (Symantec Corporation) Windows Genuine Advantage Validation Tool (KB892130) Windows Media Format 11 runtime Windows Media Player 11 Windows Media Format 11 runtime Windows Media Player 11 Microsoft User-Mode Driver Framework Feature Pack 1.0 ATI Control Panel Microsoft Plus! Photo Story 2 LE Security Update for CAPICOM (KB931906) Norton Internet Security Microsoft Plus! Dancer LE SymNet J2SE Runtime Environment 5.0 InterVideo WinDVD Player HP Boot Optimizer Norton Internet Security Norton Internet Security Fix-It Utilities 8 Professional Norton Internet Security Norton AntiSpam Microsoft Plus! Digital Media Edition Installer Microsoft Visual C++ 2005 Redistributable Spy Sweeper SPBBC Microsoft Office Basic Edition 2003 InterVideo WinDVD Player Adobe® Photoshop® Album Starter Edition 3.2 Norton Internet Security Norton Internet Security PC-Doctor 5 for Windows Adobe Reader 8.1.2 MSRedist MSXML 4.0 SP2 (KB936181) Norton AntiVirus 2005 Norton Internet Security Microsoft .NET Framework 1.1 Compaq Organize ccCommon CC_ccProxyExt HpSdpAppCoreApp Norton Internet Security Norton Internet Security Norton WMI Update HP Software Update Norton WMI Update ccPxyCore Norton Internet Security HP Image Zone Express Run Values: [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run] "Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\"" "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\"" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" "VirusScannerPro"="C:\\PROGRA~1\\AVANQU~1\\Fix-It\\MemCheck.exe" "AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray. exe" "PCDrProfiler"="" "SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray" "Malwarebytes Anti-Malware (reboot)"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents] @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\IMAIL] "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MSFS] "Installed"="1" @="" [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.ex e" Bot Check: SERVICE_NAME: wscsvc DISPLAY_NAME : Security Center START_TYPE : 2 AUTO_START SERVICE_NAME: sharedaccess DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS) START_TYPE : 2 AUTO_START SERVICE_NAME: wuauserv DISPLAY_NAME : Automatic Updates START_TYPE : 2 AUTO_START SERVICE_NAME: srservice DISPLAY_NAME : System Restore Service START_TYPE : 2 AUTO_START [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] "EnableDCOM"="Y" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa] "restrictanonymous"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update] "AUOptions"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000000 "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "WaitToKillServiceTimeout"="20000" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "SFCDisable"=dword:00000000 "Shell"="Explorer.exe" "Userinit"="C:\\WINDOWS\\system32\\userinit.ex e," [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\shell extensions] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetBT\Parameters] "TransportBindName"="\\Device\\" ShellExecuteHooks: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{73984FE0-9702-4C55-9C7B-9BA3C5861F25}"="" Environment: HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager\environment ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\Sy stem32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel windir REG_EXPAND_SZ %SystemRoot% OS REG_SZ Windows_NT PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH TEMP REG_EXPAND_SZ %SystemRoot%\TEMP TMP REG_EXPAND_SZ %SystemRoot%\TEMP SAFEBOOT_OPTION REG_SZ NETWORK SecurityProviders: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders SecurityProviders REG_SZ msapsspc.dll schannel.dll digest.dll msnsspc.dll Authentication Packages: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\urqRIyyw\0\0 Subsystem Startup: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Session Manager\SubSystems] "Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16" Midi Drivers: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midi"="wdmaud.drv" Non-Default IFEO Debugger: Non-Default Installed Components: Non-Default Safeboot Minimal: HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\webrootspysweeperservice <NO NAME> REG_SZ Service File Associations: [HKEY_CLASSES_ROOT\batfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\cmdfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\comfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\htafile\shell\open\command] @="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*" [HKEY_CLASSES_ROOT\http\shell\open\command] @="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome" [HKEY_CLASSES_ROOT\htmlfile\shell\open\command] @="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome" [HKEY_CLASSES_ROOT\regedit\shell\open\command] @="regedit.exe %1" [HKEY_CLASSES_ROOT\regfile\shell\open\command] @="regedit.exe \"%1\" %*" [HKEY_CLASSES_ROOT\scrfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\txtfile\shell\open\command] @="%SystemRoot%\system32\NOTEPAD.EXE %1" Finished! here is the the last part seer1 |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
Flashplayer Problems and General Problems | white17 | Windows XP | 9 | October 4th, 2008 03:54 PM |
Vista boot problems, partition problems | cHiNgY1788 | Windows Vista | 1 | May 23rd, 2007 01:45 AM |
Lagging problems and Audio Problems/HJT Attached. | lucaspgordon | Malware Removal | 10 | August 21st, 2006 03:17 PM |
Problems amongst Problems adware/spyware and virus | roc slaughter | Malware Removal | 12 | April 26th, 2006 09:42 PM |
problems downloading using Rapdishare - suspect proxy servers problems - Help. | Jaaay | Internet / Browsers | 2 | February 3rd, 2006 05:10 PM |
All times are GMT +1. The time now is 01:47 PM.