|
|
beatrice
new user
Reg'd: Mon
Posts: 24
|
|
My desktop icons and toolbar have disappeared. I tried many things: I scanned with "SUPERAntiSpyware", I tried "SDFix.exe" too, and I scanned with my antivirus "ESET" (NOD32). Nothing works and I don't know what to do. Please help me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:17 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\New Folder\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
D:\New Folder\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar Browser Helper Object - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\New Folder\SZSG.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\New Folder\SZIEBHO.dll
O2 - BHO: (no name) - {FFC5CF77-13E3-4127-A069-2DBDB9AD00A5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\New Folder\SZSG.dll
O4 - HKLM\..\Run: [SBCSTray] D:\New Folder\SBCSTray.exe
O4 - HKLM\..\Run: [BM3b39471e] Rundll32.exe "C:\WINDOWS\system32\yamygiau.dll",s
O4 - HKLM\..\Run: [MSN] C:\Windows
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [a-squared] "D:\New Folder\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\New Folder (2)\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - D:\New Folder\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - D:\New Folder\SBCSSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

-- End of file - 9368 bytes

THANK YOU
Edited by beatrice (Mon Mar 03 2008 05:36 PM)
|
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28201
Loc: belfast
|
|
Welcome to the Webuser forum. 
I don't see much in your HJT log. Have you tried a system restore to a point before the problem occurred?

How to Start and Use System Restore

To start System Restore, follow these steps:
1. Click Start, point to Programs, point to Accessories, point to System Tools, and then click System Restore. The first time you use System Restore, there are two options on the Welcome page:
• Restore my computer to an earlier time
• Create a restore point
2. Click Restore my computer to an earlier time and click Next. A calendar appears.
3. In the calendar, choose which Restore Point to roll your system back to (before your problems started).
4. Click Next. You are prompted to close all applications before completing the Restore process because the computer will restart.
5. Upon completion of the restart, a confirmation screen appears. Click OK to continue using your computer.

Let us know how you get on.
-------------------- MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
A computer once beat me at chess, but it was no match for me at kick boxing.
|
beatrice
new user
Reg'd: Mon
Posts: 24
|
|
I tried System Restore, but I don't have any date to restore to before that incident, and I don't have "Start" either. The only way I can get to Restore on my computer is with "Ctrl+Alt+Del" (Task Manager), New Task, c:windows, system 32, restore. I also looked in regedit to see if it is from Shell "explorer.exe", but it was correct, so I don't know where the problem is. Thank you. I also tried to reinstall Windows, but it was impossible: when the setup starts, the blue screen ("death screen") appears and I can't do anything.
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28201
Loc: belfast
|
|
Try this if you can get on the net:
* Please visit this webpage for instructions for downloading and running ComboFix:
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
|
beatrice
new user
Reg'd: Mon
Posts: 24
|
|
I did what you said with "ComboFix.exe", but the situation is the same.
ComboFix 08-03-04.2 - 2008-03-04 15:55:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.544 [GMT -7:00]
Running from: C:\Users\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM3b39471e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini2
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini2
C:\WINDOWS\system32\mycjamib.ini
C:\WINDOWS\system32\oxpnkhcs.ini
C:\WINDOWS\system32\qpqss.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm

((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.
2008-03-04 15:58 . 2008-03-04 15:58 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-03-04 15:58 . 2008-03-04 15:58 <DIR> d-------- C:\WINDOWS\srchasst
2008-03-04 15:58 . 2008-03-04 15:58 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-03-03 20:45 . 2008-03-03 20:45 <DIR> d-------- C:\Users\All Users\Application Data\Martau
2008-03-03 20:16 . 2008-03-03 20:16 <DIR> d-------- C:\Program Files\total
2008-03-03 17:37 . 2008-03-03 17:38 1,756 --a------ C:\WINDOWS\mozver.dat
2008-03-03 16:15 . 2008-03-03 16:15 <DIR> d-------- C:\Users\All Users\Application Data\Apple Computer
2008-03-03 16:15 . 2008-03-03 16:15 <DIR> d-------- C:\Users\All Users\Application Data\Apple
2008-03-03 16:15 . 2008-03-03 16:16 <DIR> d-------- C:\Program Files\QuickTime
2008-03-03 16:15 . 2008-03-03 16:15 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-03 16:15 . 2008-03-03 16:15 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-01 19:33 . 2008-03-01 19:33 122 --a------ C:\WINDOWS\Winchat.ini
2008-03-01 15:43 . 2008-03-01 15:43 0 --a------ C:\~GLHTTP1.TMP
2008-03-01 15:04 . 2008-03-01 15:04 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-03-01 15:04 . 2008-03-01 15:04 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-03-01 15:03 . 2008-03-01 15:03 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-03-01 14:54 . 2008-03-01 14:54 <DIR> d-------- C:\Users\All Users\Application Data\Sunbelt Software
2008-03-01 14:54 . 2008-03-01 14:54 <DIR> d-------- C:\Users\Administrator\Application Data\Sunbelt Software
2008-03-01 14:42 . 2008-03-01 14:42 <DIR> d-------- C:\VundoFix Backups
2008-03-01 14:36 . 2008-03-01 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-29 12:02 . 2008-02-29 22:12 0 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-02-27 16:08 . 2008-02-27 16:08 <DIR> d-------- C:\Users\Administrator\Application Data\URSoft
2008-02-26 20:11 . 2008-02-26 20:11 <DIR> d-------- C:\Users\Administrator\Application Data\Uniblue
2008-02-26 19:12 . 2007-12-21 01:58 455,256 -ra------ C:\txtsetup.sif
2008-02-26 19:12 . 2007-12-21 01:57 259,776 -ra------ C:\$LDR$
2008-02-26 16:13 . 2008-02-26 16:14 <DIR> d-------- C:\Users\All Users\Application Data\SITEguard
2008-02-26 16:12 . 2008-03-04 15:58 <DIR> d-------- C:\Users\All Users\Application Data\STOPzilla!
2008-02-26 16:12 . 2008-02-26 16:12 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-02-25 22:04 . 2008-02-25 22:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-25 17:01 . 2008-02-25 17:01 <DIR> d-------- C:\Users\All Users\Application Data\Lavasoft
2008-02-24 21:35 . 2008-02-24 21:35 36,864 --a------ C:\WINDOWS\system32\urqoppm.dll
2008-02-24 21:35 . 2008-02-24 21:35 36,864 --a------ C:\WINDOWS\system32\fccabyy.dll
2008-02-17 16:28 . 2008-02-17 16:28 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-17 00:21 . 2008-02-17 14:26 0 --a------ C:\WINDOWS\ka.ini
2008-02-17 00:20 . 2008-02-17 14:26 <DIR> d-------- C:\Users\All Users\Application Data\Vivendi Universal Games
2008-02-17 00:20 . 2008-02-17 00:20 <DIR> d-------- C:\Program Files\Common Files\Vivendi Universal Games
2008-02-05 20:50 . 2008-02-05 20:50 <DIR> d-------- C:\Users\All Users\Application Data\PC Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 06:16 --------- d-----w C:\Users\Administrator\Application Data\uTorrent
2008-03-04 00:58 --------- d-----w C:\Program Files\Nirsoft
2008-03-02 05:05 --------- d-----w C:\Users\All Users\Application Data\Skype
2008-03-02 05:05 --------- d-----w C:\Program Files\Skype
2008-03-02 05:03 --------- d-----w C:\Program Files\Yahoo!
2008-03-02 04:47 --------- d-----w C:\Users\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-02 04:38 --------- d-----w C:\Users\Administrator\Application Data\skypePM
2008-03-01 05:49 --------- d---a-w C:\Users\All Users\Application Data\TEMP
2008-02-27 17:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 17:22 --------- d-----w C:\Users\All Users\Application Data\Ulead Systems
2008-02-27 17:21 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-02-27 17:16 --------- d-----w C:\Program Files\EA GAMES
2008-02-26 21:26 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-24 23:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-24 01:27 --------- d-----w C:\Users\Administrator\Application Data\LimeWire
2008-02-20 05:03 --------- d-----w C:\Users\Administrator\Application Data\Yahoo!
2008-02-17 21:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-17 21:33 --------- d-----w C:\Users\Administrator\Application Data\dvdcss
2008-02-09 00:23 --------- d-----w C:\Program Files\ESET
2008-02-03 06:13 --------- d-----w C:\Users\Administrator\Application Data\Ulead Systems
2008-02-03 05:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-03 04:29 --------- d-----w C:\Users\Administrator\Application Data\InstallShield
2008-02-03 04:27 --------- d-----w C:\Program Files\Windows Media Components
2008-02-03 04:27 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-01-31 19:16 34,944 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys
2008-01-31 01:57 --------- d-----w C:\Users\Administrator\Application Data\VeniceMysteryData
2008-01-30 03:31 --------- d-----w C:\Users\All Users\Application Data\Christmasville
2008-01-30 03:07 --------- d-----w C:\Users\Administrator\Application Data\Super-Cow
2008-01-30 01:29 --------- d-----w C:\Users\All Users\Application Data\SpinTop Games
2008-01-29 23:16 --------- d-----w C:\Users\All Users\Application Data\Trymedia
2008-01-29 20:26 --------- d-----w C:\Users\All Users\Application Data\Escape From Paradise
2008-01-19 06:18 --------- d-----w C:\Users\Administrator\Application Data\mIRC
2008-01-18 05:38 --------- d-----w C:\Users\Administrator\Application Data\Hamachi
2008-01-18 05:33 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-09 00:19 --------- d-----w C:\Program Files\uTorrent
2008-01-06 23:26 --------- d-----w C:\Program Files\AlfaClock 2
2007-12-17 02:50 32 ----a-w C:\Users\All Users\Application Data\ezsid.dat
2005-12-12 01:56 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2005-12-12 01:56 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2005-12-12 01:56 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012005121120051212\index.dat
2005-12-12 01:56 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
------- Sigcheck -------

1a5fb58fc6e970a308719a4ea49eb8b5 C:\WINDOWS\system32\drivers\tcpip.sys ----a-w 360,704 2007-09-01 09:00:00 C:\WINDOWS\system32\drivers\tcpip.sys
69a39aaff83508304fc92b49a81915de C:\WINDOWS\system32\ntoskrnl.exe ----a-w 2,321,792 2007-09-01 09:00:00 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:21 1694208]
"Uniblue RegistryBooster 2"="D:\New Folder (2)\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-02-02 21:08 219952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-16 19:49 171448]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 07:16 171464]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-09-01 02:00 15360]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2007-03-11 12:00 448000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBCSTray"="D:\New Folder\SBCSTray.exe" [2007-12-21 15:30 698864]
"BM3b39471e"="C:\WINDOWS\system32\yamygiau.dll" [ ]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-09-01 02:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-12-11 19:09 921600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 00:06 40048]
"SunJavaUpdateSched"="" []
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 06:38 16384512 C:\WINDOWS\RTHDCPL.EXE]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2007-09-01 02:00 169984]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"a-squared"="D:\New Folder\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LXPNewUser"="C:\WINDOWS\System32\TrunksLXP-NUserFix.cmd" [2007-09-01 02:00 2303]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-09-01 02:00 44544]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-09-01 02:00 123904 C:\WINDOWS\system32\advpack.dll]

C:\Users\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwly32]
winwly32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-09-23 09:53]
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-03-01 15:03]
R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-01-31 12:16]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2006-10-19 00:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\monsetup.exe

*Newly Created Service* - ASPI32
*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 23:15:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-24 16:11:26 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1197907725.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 16:04:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\New Folder\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
D:\New Folder\SBCSSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-03-04 16:05:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-04 23:05:21
Thank you for helping me, I will try to "recovery" from CD.
|
beatrice
new user
Reg'd: Mon
Posts: 24
|
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:31 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\New Folder\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
D:\New Folder\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar Browser Helper Object - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\New Folder\SZSG.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\New Folder\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\New Folder\SZSG.dll
O4 - HKLM\..\Run: [SBCSTray] D:\New Folder\SBCSTray.exe
O4 - HKLM\..\Run: [BM3b39471e] Rundll32.exe "C:\WINDOWS\system32\yamygiau.dll",s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [a-squared] "D:\New Folder\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\New Folder (2)\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - D:\New Folder\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - D:\New Folder\SBCSSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
-- End of file - 9222 bytes
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28201
Loc: belfast
|
|
unfortunately you didn't install the recovery console
Quote:
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
can you go back to that link and install the recovery console, then run combofix again and post the new combofix log.
-------------------- MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
A computer once beat me at chess, but it was no match for me at kick boxing.
|
beatrice
new user
Reg'd: Mon
Posts: 24
|
|
I am sorry, I don't know how to install "recovery" because I don't have "start button and run"; I can use only task manager like "new task".
I tried from restart computer and when the setup windows show up to push "R", but I also got a problem, a "blue screen" where this was written:
A problem has been detected and the windows has been shut down to prevent damage to your computer ... follow these steps, check for viruses on your computer. Remove any newly installed hard drive controllers, check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption and then restart your computer. Technical information "STOP:0x0000007B(0xF7AFA524, 0x0000034, 0x000000000, 0x00000000)". And I can't run CHKDSK /F because, like I said before, I don't have start button and run too. Thank you for your time.
Edited by beatrice (Tue Mar 04 2008 03:56 PM)
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28201
Loc: belfast
|
|
sorry i should have realized.
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Quote:
Killall::
File::
C:\~GLHTTP1.TMP
C:\WINDOWS\system32\urqoppm.dll
C:\WINDOWS\system32\fccabyy.dll
C:\WINDOWS\iun6002.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\winwly32]
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please and let me know how it is running.
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
Then :-
Rerun HJT,and put a checkmark beside these :-
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O4 - HKLM\..\Run: [BM3b39471e] Rundll32.exe "C:\WINDOWS\system32\yamygiau.dll",s
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
now close all windows and browsers and click FIX CHECKED
bring up taskmanager then click FILE >> new task run, type in MSConfig and click ok
When the System Configuration Utility opens, click on the 'Startup Tab' and make sure there is a checkmark beside each entry. Also check the 'General Tab' has the "normal startup" option checked. REBOOT when asked to by Windows to complete the change.
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please and let me know how it is running.
|
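A triage pass over a flattened HijackThis log like the ones posted in this thread, as an added example that is not part of any post. The two main rules are assumptions modelled on the kinds of entries bricat asks to have fixed above (a Run key that loads a DLL by full path through rundll32, and a Winlogon Notify entry whose file is missing); a match is a hint for a human helper, not a verdict.

```python
import re

# Entries copied from the HijackThis log posted in this thread, run together
# on one line the way the forum page flattened them.
SAMPLE = (
    r'O4 - HKLM\..\Run: [SBCSTray] D:\New Folder\SBCSTray.exe '
    r'O4 - HKLM\..\Run: [BM3b39471e] Rundll32.exe "C:\WINDOWS\system32\yamygiau.dll",s '
    r'O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent '
    r'O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll '
    r'O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing) '
    r'O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - '
    r'C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)'
)

# Every HijackThis entry starts with a section code (R0-R3, O1-O24) and " - ".
SECTION_CODE = re.compile(r'(?:^|(?<=\s))(R[0-3]|O\d{1,2}) - ')

# Assumed heuristic: rundll32 given a DLL by absolute drive path.
RUNDLL_FULL_PATH = re.compile(r'rundll32(?:\.exe)?\s+"?[a-z]:\\[^"]*\.dll"?', re.I)


def split_entries(text):
    """Split a flattened log into (section_code, body) pairs.

    Anything before the first section code (header, process list) is dropped.
    """
    starts = [m.start() for m in SECTION_CODE.finditer(text)]
    entries = []
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(text)
        code, _, body = text[start:end].strip().partition(' - ')
        entries.append((code, body))
    return entries


def triage(entries):
    """Return (section_code, reason, body) for entries worth a closer look."""
    findings = []
    for code, body in entries:
        missing = body.endswith('(file missing)')
        if code == 'O20' and missing:
            # Winlogon Notify key still registered, DLL no longer on disk.
            findings.append((code, 'winlogon-notify-missing-file', body))
        elif code == 'O4' and RUNDLL_FULL_PATH.search(body):
            # Autorun that loads a DLL by full path through rundll32.
            findings.append((code, 'autorun-rundll32-dll-path', body))
        elif missing:
            # Leftover registration in any other section; lower priority.
            findings.append((code, 'orphaned-entry', body))
    return findings


if __name__ == '__main__':
    for code, reason, body in triage(split_entries(SAMPLE)):
        print(f'{code:4} {reason:30} {body}')
```
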
beatrice
new user
Reg'd: Mon
Posts: 24
|
|
Hello again, I did what you said with HiJack, I fixed that file what you said and this is the new log
Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe D:\New Folder\a-squared Anti-Malware\a2service.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Eset\nod32krn.exe D:\New Folder\SBCSSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ZILLAbar Browser Helper Object - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\New Folder\SZSG.dll O2 - BHO: Yahoo! 
IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\New Folder\SZIEBHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\New Folder\SZSG.dll O4 - HKLM\..\Run: [SBCSTray] D:\New Folder\SBCSTray.exe O4 - HKLM\..\Run: [BM3b39471e] Rundll32.exe "C:\WINDOWS\system32\yamygiau.dll",s O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [a-squared] "D:\New Folder\a-squared Anti-Malware\a2guard.exe" /d=60 O4 - HKLM\..\Run: [combofix] \ /c C:\ComboFix(2)\Combobatch.bat O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\New Folder (2)\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe O4 - HKCU\..\Run: [NoteZilla] D:\New 
Folder\NoteZilla\NoteZilla.exe O4 - HKUS\S-1-5-19\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing) O23 - Service: 
a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - D:\New Folder\a-squared Anti-Malware\a2service.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - D:\New Folder\SBCSSvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
-- End of file - 9361 bytes
But with combofix I couldn't, I'm really sorry. Can I ask you something? I have a program "EVEREST Ultimate Edition", probably you know, or sure you know, but do you think with this program you can find more about my computer problem (or have to be more private?) if I scan with??????? Thank you
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28201
Loc: belfast
|
|
Quote:
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply
did you follow my instructions for combofix ?
can you post the combofix text.
|
beatrice
new user
Reg'd: Mon
Posts: 24
|
|
Hello, I did what you said to copy/paste that information on ComboFix but it said "Where do you trying to run CFScript?The name, CFScript appears to be incorrectly spelt"... this is the message which appears every time.
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28201
Loc: belfast
|
|
Quote:
Where do you trying to run CFScript
It has to be named CFScript.txt
any variation in the name won't work
|
beatrice
new user
Reg'd: Mon
Posts: 24
|
|
This is the new log from ComboFix, and in the final scan I get an alert info like: don't find "explorer.exe"
ComboFix 08-03-04.2 - 2008-03-06 16:00:49.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.552 [GMT -7:00] Running from: C:\Users\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\~GLHTTP1.TMP C:\WINDOWS\iun6002.exe C:\WINDOWS\system32\fccabyy.dll C:\WINDOWS\system32\urqoppm.dll
. ((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))) .
2008-03-06 12:18 . 2008-03-06 12:18 <DIR> d-------- C:\ComboFix(4) 2008-03-06 11:52 . 2008-03-06 11:52 <DIR> d-------- C:\Program Files\ACW 2008-03-05 12:58 . 2008-03-05 12:58 <DIR> d-------- C:\WINDOWS\system32\xircom 2008-03-05 12:58 . 2008-03-05 12:58 <DIR> d-------- C:\WINDOWS\srchasst 2008-03-05 12:58 . 2008-03-05 12:58 <DIR> d-------- C:\Program Files\total 2008-03-05 12:58 . 2008-03-05 12:58 <DIR> d-------- C:\Program Files\microsoft frontpage 2008-03-05 12:33 . 2008-03-05 12:33 <DIR> d-------- C:\Users\Administrator\Application Data\Conceptworld 2008-03-04 22:36 . 2008-03-04 22:36 <DIR> d-------- C:\New Folder 2008-03-03 17:37 . 2008-03-03 17:38 1,756 --a------ C:\WINDOWS\mozver.dat 2008-03-03 16:15 . 2008-03-03 16:15 <DIR> d-------- C:\Users\All Users\Application Data\Apple 2008-03-03 16:15 . 2008-03-03 16:15 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-03-03 16:15 . 2008-03-03 16:15 <DIR> d-------- C:\Program Files\Apple Software Update 2008-03-01 19:33 . 2008-03-01 19:33 122 --a------ C:\WINDOWS\Winchat.ini 2008-03-01 15:04 . 2008-03-01 15:04 0 --a------ C:\WINDOWS\system32\SBRC.dat 2008-03-01 15:04 . 2008-03-01 15:04 0 --a------ C:\WINDOWS\system32\SBFC.dat 2008-03-01 14:54 . 2008-03-01 14:54 <DIR> d-------- C:\Users\Administrator\Application Data\Sunbelt Software 2008-03-01 14:42 . 2008-03-01 14:42 <DIR> d-------- C:\VundoFix Backups 2008-03-01 14:36 . 2008-03-01 14:36 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-29 12:02 . 2008-02-29 22:12 0 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys 2008-02-27 16:08 . 2008-02-27 16:08 <DIR> d-------- C:\Users\Administrator\Application Data\URSoft 2008-02-26 20:11 . 2008-02-26 20:11 <DIR> d-------- C:\Users\Administrator\Application Data\Uniblue 2008-02-26 19:12 . 2007-12-21 01:58 455,256 -ra------ C:\txtsetup.sif 2008-02-26 19:12 . 2007-12-21 01:57 259,776 -ra------ C:\$LDR$ 2008-02-26 16:13 . 
2008-02-26 16:14 <DIR> d-------- C:\Users\All Users\Application Data\SITEguard 2008-02-26 16:12 . 2008-03-06 15:59 <DIR> d-------- C:\Users\All Users\Application Data\STOPzilla! 2008-02-26 16:12 . 2008-02-26 16:12 <DIR> d-------- C:\Program Files\Common Files\iS3 2008-02-25 22:04 . 2008-02-25 22:04 <DIR> d--h----- C:\WINDOWS\PIF 2008-02-25 17:01 . 2008-02-25 17:01 <DIR> d-------- C:\Users\All Users\Application Data\Lavasoft 2008-02-17 16:28 . 2008-02-17 16:28 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-02-17 00:21 . 2008-02-17 14:26 0 --a------ C:\WINDOWS\ka.ini 2008-02-17 00:20 . 2008-02-17 14:26 <DIR> d-------- C:\Users\All Users\Application Data\Vivendi Universal Games 2008-02-17 00:20 . 2008-02-17 00:20 <DIR> d-------- C:\Program Files\Common Files\Vivendi Universal Games
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-06 03:48 --------- d-----w C:\Program Files\EA GAMES 2008-03-05 21:25 --------- d-----w C:\Users\All Users\Application Data\Yahoo! 2008-03-05 21:25 --------- d-----w C:\Users\Administrator\Application Data\Yahoo! 2008-03-05 21:19 --------- d-----w C:\Program Files\ESET 2008-03-05 20:10 244 ----a-w C:\Program Files\New Text Document.txt 2008-03-04 00:58 --------- d-----w C:\Program Files\Nirsoft 2008-03-02 05:05 --------- d-----w C:\Users\All Users\Application Data\Skype 2008-03-02 05:05 --------- d-----w C:\Program Files\Skype 2008-03-02 05:03 --------- d-----w C:\Program Files\Yahoo! 2008-03-02 04:47 --------- d-----w C:\Users\Administrator\Application Data\SUPERAntiSpyware.com 2008-03-02 04:38 --------- d-----w C:\Users\Administrator\Application Data\skypePM 2008-03-01 05:49 --------- d---a-w C:\Users\All Users\Application Data\TEMP 2008-02-27 17:22 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-27 17:22 --------- d-----w C:\Users\All Users\Application Data\Ulead Systems 2008-02-27 17:21 --------- d-----w C:\Program Files\Common Files\Ulead Systems 2008-02-26 21:26 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-02-24 23:15 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-24 01:27 --------- d-----w C:\Users\Administrator\Application Data\LimeWire 2008-02-17 21:33 --------- d-----w C:\Users\Administrator\Application Data\dvdcss 2008-02-06 03:50 --------- d-----w C:\Users\All Users\Application Data\PC Tools 2008-02-03 06:13 --------- d-----w C:\Users\Administrator\Application Data\Ulead Systems 2008-02-03 05:39 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-03 04:29 --------- d-----w C:\Users\Administrator\Application Data\InstallShield 2008-02-03 04:27 --------- d-----w C:\Program Files\Windows Media Components 2008-02-03 04:27 --------- d-----w C:\Program 
Files\Common Files\InterVideo 2008-02-01 21:36 229,376 ----a-r C:\WINDOWS\system32\SZBase5.dll 2008-01-31 19:16 34,944 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys 2008-01-31 01:57 --------- d-----w C:\Users\Administrator\Application Data\VeniceMysteryData 2008-01-31 00:53 126,976 ----a-r C:\WINDOWS\system32\IS3HTUI5.dll 2008-01-31 00 |