Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

Go Back   Windows BBS > Security > Malware and Virus Removal
Reload this Page

[Resolved] Can not update windows XP new post as requested

Register FAQ Mark Forums Read

Malware and Virus Removal Problems removing malware/viruses? Get help from our Malware removal experts.

Register your FREE account to unlock additional features at WindowsBBS.com
Register
Welcome to WindowsBBS.com
Microsoft Windows Support

Mission Statement

WindowsBBS is an online community dedicated to easily accessible technical support for those using Microsoft operating systems and other Windows software.

Our goal is to become the leading resource for computer users that require assistance with their day-to-day computer usage, including full support for networking PC's, virus & malware removal, system upgrades and general support questions.

Discussion Forums
Operating Systems
Windows 7 Windows 7
Windows Vista Windows Vista
Windows XP Windows XP
Windows Server System Windows Server System
Windows 2000 Windows 2000
Windows 95/98/Me/NT Windows 95/98/Me/NT
Internet & Networking
Networking
Internet Explorer
Microsoft Mail
Firefox, Thunderbird
      & SeaMonkey
General Internet
Security
General Security
Malware and Virus
     Removal
Other
Other Software
Hardware
Test Posts
Community
Introductions
General Discussions
Comments
      & Suggestions
News @ WindowsBBS

Forum Sponsor
Image

Reply
 
LinkBack Thread Tools
Old 1st October 2008   #1
Member
 
Profile:
Join Date: Oct 2008
Posts: 20
Computer Experience:
Beginner
mshaver Reputation Level
Question [Resolved] Can not update windows XP new post as requested
I have posted on spybot forum as well and was recommended to this site.
http://forums.spybot.info/showthread.php?t=34450
I also have the first post on this site at
I can not update my windows xp home

Here is the log requested. It only gave me the one log.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Customer at 2008-10-01 10:08:24
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 27 GB (46%) free of 59 GB
Total RAM: 255 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:59 AM, on 10/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\MozyHome\mozystat.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Customer\Local Settings\Application Data\TouchStoneSoftware\driveragent_288.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Customer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Customer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myembarq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Embarq Toolbar - {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - C:\PROGRA~1\EMBARQ~1\EMBARQ~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Embarq Toolbar - {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - C:\PROGRA~1\EMBARQ~1\EMBARQ~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'Default user')
O4 - Global Startup: EMBARQ Help.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: &3D Satellite Search - res://C:\WINDOWS\system32\EFOToolbar.dll/GoSatteliteSearch.dll.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: S&earchSave Web Search - res://C:\WINDOWS\system32\EFOToolbar.dll/GoWebSearch.dll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O15 - Trusted Zone: http://sckesc.owotw.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {38A5F6F0-0B64-421B-A553-3D49A76ECDCD} (CPlayFirstMythicMarblesControl Object) - http://download.playfirst.com/play/g...es.1.0.0.3.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://www.gamehouse.com/realarcade-...atePoppers.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1216430943179
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://download.playfirst.com/play/g...2.1.0.0.67.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-...amesPlayer.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://download.playfirst.com/play/g...b.1.0.0.10.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/realarcade-...rDashFloGo.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/realarcade-...ylomplayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O24 - Desktop Component 1: How to Make a Website on SiteRightNow.com - http://www.siteritenow.com/

--
End of file - 10380 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\{5237129E-AB10-445E-B37F-02814D2F34BD}_KCRC-75F6A08A51_Customer.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-28 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C}]
Embarq Toolbar - C:\PROGRA~1\EMBARQ~1\EMBARQ~1.DLL [2007-06-08 1897472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-08-29 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Search Toolbar - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll [2005-09-20 577744]
{4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - Embarq Toolbar - C:\PROGRA~1\EMBARQ~1\EMBARQ~1.DLL [2007-06-08 1897472]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-08-29 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"=C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe [2006-04-21 438359]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"COMODO SafeSurf"=C:\Program Files\COMODO\SafeSurf\cssurf.exe [2008-08-29 278264]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-08-29 1655552]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-28 185872]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax DllCmd 4.0.lnk]
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe /R []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu 4.0.lnk]
C:\Program Files\eFax Messenger 4.0\J2GTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
C:\PROGRA~1\MSNTOO~1\DS\020500~1.111\en-us\bin\WINDOW~3.EXE [2005-09-20 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Customer^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2005-09-14 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Customer^Start Menu^Programs^Startup^TypeItIn.lnk]
C:\PROGRA~1\TypeItIn\TypeItIn.exe [2004-11-23 858624]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
EMBARQ Help.lnk - C:\Program Files\Virtual Assistant\bin\matcli.exe
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syste m]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explor er]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explo rer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@x psp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@x psp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2008-10-01 10:08:24 ----D---- C:\rsit
2008-10-01 08:51:01 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-01 07:25:23 ----D---- C:\Program Files\iPod
2008-10-01 07:25:07 ----D---- C:\Program Files\iTunes
2008-10-01 07:25:07 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-01 07:19:33 ----D---- C:\Program Files\QuickTime
2008-10-01 07:01:27 ----D---- C:\Program Files\Bonjour
2008-09-30 15:56:17 ----D---- C:\WINDOWS\LastGood
2008-09-30 15:56:16 ----D---- C:\WINDOWS\Logs
2008-09-30 06:55:26 ----A---- C:\ComboFix.txt
2008-09-30 06:26:33 ----D---- C:\QooBox
2008-09-30 06:26:27 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-30 06:26:26 ----A---- C:\WINDOWS\zip.exe
2008-09-30 06:26:26 ----A---- C:\WINDOWS\VFind.exe
2008-09-30 06:26:26 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-30 06:26:26 ----A---- C:\WINDOWS\SWSC.exe
2008-09-30 06:26:26 ----A---- C:\WINDOWS\swreg.exe
2008-09-30 06:26:26 ----A---- C:\WINDOWS\sed.exe
2008-09-30 06:26:26 ----A---- C:\WINDOWS\grep.exe
2008-09-30 06:26:26 ----A---- C:\WINDOWS\fdsv.exe
2008-09-30 06:26:01 ----D---- C:\ComboFix
2008-09-29 21:19:19 ----D---- C:\Documents and Settings\Customer\Application Data\Malwarebytes
2008-09-29 21:18:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-29 21:17:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 15:22:14 ----D---- C:\Program Files\Common Files\xing shared
2008-09-10 03:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 03:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-08-29 16:11:02 ----A---- C:\WINDOWS\system32\cssdll32.dll
2008-08-29 16:10:59 ----D---- C:\Program Files\AskSBar
2008-08-29 15:50:09 ----D---- C:\Documents and Settings\Customer\Application Data\Comodo
2008-08-29 15:50:03 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-29 15:50:02 ----A---- C:\WINDOWS\system32\guard32.dll
2008-08-29 15:49:55 ----D---- C:\Program Files\COMODO
2008-08-29 11:49:23 ----D---- C:\Program Files\Avira
2008-08-29 11:49:23 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-29 10:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll
2008-08-27 15:04:47 ----D---- C:\Program Files\Byron
2008-08-27 15:01:56 ----A---- C:\WINDOWS\uninst.exe
2008-08-26 10:15:39 ----D---- C:\Program Files\Apple Software Update
2008-08-25 16:53:45 ----D---- C:\Documents and Settings\Customer\Application Data\F-Secure
2008-08-25 16:14:07 ----D---- C:\Program Files\EMBARQ Online Security
2008-08-25 16:13:40 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-08-25 16:12:49 ----D---- C:\Documents and Settings\All Users\Application Data\fssg
2008-08-24 02:34:36 ----D---- C:\Program Files\Microsoft Reader
2008-08-24 02:34:36 ----A---- C:\WINDOWS\DASShp.dll
2008-08-23 19:20:07 ----D---- C:\Documents and Settings\All Users\Application Data\QB9 S.R.L
2008-08-22 18:26:29 ----D---- C:\Documents and Settings\Customer\Application Data\Snood
2008-08-22 18:18:26 ----D---- C:\Program Files\Snood Deluxe
2008-08-19 21:10:11 ----D---- C:\Program Files\Ragu Recipe Widget
2008-08-18 17:34:41 ----D---- C:\Documents and Settings\Customer\Application Data\Gaijin Ent
2008-08-17 22:31:48 ----D---- C:\Documents and Settings\All Users\Application Data\Free Ride Games
2008-08-17 22:31:40 ----D---- C:\Remote Programs
2008-08-17 22:30:06 ----N---- C:\WINDOWS\ExentInfo.exe
2008-08-17 22:29:55 ----D---- C:\Program Files\Free Ride Games
2008-08-17 20:58:17 ----D---- C:\Documents and Settings\Customer\Application Data\SpinTop
2008-08-17 15:42:49 ----D---- C:\Program Files\Zylom Games
2008-08-14 23:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 23:41:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-14 23:40:51 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 23:39:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 23:36:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 23:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 23:35:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-14 00:19:56 ----D---- C:\Program Files\Microsoft
2008-08-13 23:45:20 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-08-13 23:41:26 ----D---- C:\Program Files\Microsoft Works
2008-08-13 23:40:01 ----D---- C:\Program Files\Common Files\DESIGNER
2008-08-13 23:38:08 ----D---- C:\Program Files\Microsoft.NET
2008-08-13 23:31:09 ----D---- C:\WINDOWS\SHELLNEW
2008-08-13 23:29:54 ----D---- C:\Program Files\Microsoft Office
2008-08-13 23:29:52 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-13 23:27:06 ----RHD---- C:\MSOCache
2008-08-07 19:47:43 ----A---- C:\WINDOWS\unvise32.dll
2008-08-07 19:47:41 ----A---- C:\WINDOWS\unvise.exe
2008-08-07 19:47:08 ----D---- C:\WINDOWS\Claris
2008-08-07 19:47:00 ----D---- C:\Program Files\CookBook
2008-08-01 04:41:49 ----D---- C:\Program Files\Lavasoft
2008-07-31 09:51:01 ----D---- C:\Documents and Settings\Customer\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-28 14:51:53 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-07-28 13:13:12 ----D---- C:\WINDOWS\Omniquad Personal Firewall
2008-07-28 13:12:48 ----D---- C:\WINDOWS\Omniquad Total Security
2008-07-28 13:12:46 ----D---- C:\Program Files\Total Security 2007
2008-07-28 12:05:35 ----D---- C:\Deckard
2008-07-28 11:14:56 ----D---- C:\Program Files\R-TT
2008-07-28 11:09:26 ----D---- C:\Program Files\SpywareBlaster
2008-07-28 10:59:14 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 12:03:42 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2008-07-27 10:52:26 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-27 10:52:26 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-27 10:52:26 ----A---- C:\WINDOWS\system32\java.exe
2008-07-26 09:20:36 ----D---- C:\WINDOWS\erdnt
2008-07-24 23:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-07-21 16:25:48 ----D---- C:\Program Files\Trend Micro
2008-07-20 17:32:08 ----D---- C:\Program Files\MozyHome
2008-07-20 12:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-07-20 12:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-07-19 17:04:08 ----D---- C:\WINDOWS\Prefetch
2008-07-19 16:24:57 ----C---- C:\WINDOWS\system32\HFX1126.tmp
2008-07-19 16:12:04 ----A---- C:\WINDOWS\system32\SET108B.tmp
2008-07-19 16:12:02 ----A---- C:\WINDOWS\system32\SET1084.tmp
2008-07-19 16:11:53 ----A---- C:\WINDOWS\system32\SET1060.tmp
2008-07-19 16:11:40 ----A---- C:\WINDOWS\system32\SET1038.tmp
2008-07-19 16:11:39 ----A---- C:\WINDOWS\system32\SET1031.tmp
2008-07-19 16:11:37 ----A---- C:\WINDOWS\system32\SET102D.tmp
2008-07-19 16:11:36 ----A---- C:\WINDOWS\system32\SET1028.tmp
2008-07-19 16:11:35 ----A---- C:\WINDOWS\system32\SET1025.tmp
2008-07-19 16:11:35 ----A---- C:\WINDOWS\system32\SET1024.tmp
2008-07-19 16:11:29 ----D---- C:\WINDOWS\system32\scripting
2008-07-19 16:11:23 ----D---- C:\WINDOWS\l2schemas
2008-07-19 16:11:21 ----D---- C:\WINDOWS\system32\en
2008-07-19 15:58:55 ----A---- C:\WINDOWS\SET468.tmp
2008-07-19 15:58:48 ----A---- C:\WINDOWS\system32\SET449.tmp
2008-07-19 15:58:48 ----A---- C:\WINDOWS\system32\SET447.tmp
2008-07-19 15:58:47 ----A---- C:\WINDOWS\system32\SET445.tmp
2008-07-19 15:58:45 ----A---- C:\WINDOWS\system32\SET43E.tmp
2008-07-19 15:58:44 ----A---- C:\WINDOWS\system32\SET439.tmp
2008-07-19 15:58:43 ----A---- C:\WINDOWS\system32\SET434.tmp
2008-07-19 15:58:43 ----A---- C:\WINDOWS\system32\SET433.tmp
2008-07-19 15:58:42 ----A---- C:\WINDOWS\system32\SET42F.tmp
2008-07-19 15:58:42 ----A---- C:\WINDOWS\system32\SET42E.tmp
2008-07-19 15:58:41 ----A---- C:\WINDOWS\system32\SET42B.tmp
2008-07-19 15:58:41 ----A---- C:\WINDOWS\system32\SET42A.tmp
2008-07-19 15:58:40 ----A---- C:\WINDOWS\system32\SET429.tmp
2008-07-19 15:58:39 ----A---- C:\WINDOWS\system32\SET423.tmp
2008-07-19 15:58:38 ----A---- C:\WINDOWS\system32\SET421.tmp
2008-07-19 15:58:37 ----A---- C:\WINDOWS\system32\SET41E.tmp
2008-07-19 15:58:36 ----A---- C:\WINDOWS\system32\SET41B.tmp
2008-07-19 15:58:34 ----A---- C:\WINDOWS\system32\SET411.tmp
2008-07-19 15:58:32 ----A---- C:\WINDOWS\system32\SET409.tmp
2008-07-19 15:58:31 ----A---- C:\WINDOWS\system32\SET408.tmp
2008-07-19 15:58:30 ----A---- C:\WINDOWS\system32\SET403.tmp
2008-07-19 15:58:29 ----A---- C:\WINDOWS\system32\SET401.tmp
2008-07-19 15:58:28 ----A---- C:\WINDOWS\system32\SET3FE.tmp
2008-07-19 15:58:27 ----A---- C:\WINDOWS\system32\SET3FD.tmp
2008-07-19 15:58:27 ----A---- C:\WINDOWS\system32\SET3FC.tmp
2008-07-19 15:58:27 ----A---- C:\WINDOWS\system32\SET3FB.tmp
2008-07-19 15:58:26 ----A---- C:\WINDOWS\system32\SET3F9.tmp
2008-07-19 15:58:26 ----A---- C:\WINDOWS\system32\SET3F7.tmp
2008-07-19 15:58:25 ----A---- C:\WINDOWS\system32\SET3F6.tmp
mshaver is offline   Reply With Quote
Didn't find the information you thought to find?
Check out these Similar Threads
Old 1st October 2008   #2
Member
 
Profile:
Join Date: Oct 2008
Posts: 20
Computer Experience:
Beginner
mshaver Reputation Level
Talking log part 2
2008-07-19 15:58:24 ----A---- C:\WINDOWS\system32\SET3F5.tmp
2008-07-19 15:58:24 ----A---- C:\WINDOWS\system32\SET3F4.tmp
2008-07-19 15:58:23 ----A---- C:\WINDOWS\system32\SET3F2.tmp
2008-07-19 15:58:23 ----A---- C:\WINDOWS\system32\SET3F1.tmp
2008-07-19 15:58:23 ----A---- C:\WINDOWS\system32\SET3F0.tmp
2008-07-19 15:58:20 ----A---- C:\WINDOWS\system32\SET3E9.tmp
2008-07-19 15:58:18 ----A---- C:\WINDOWS\system32\SET3E2.tmp
2008-07-19 15:58:18 ----A---- C:\WINDOWS\system32\SET3DF.tmp
2008-07-19 15:58:17 ----A---- C:\WINDOWS\system32\SET3DE.tmp
2008-07-19 15:58:09 ----A---- C:\WINDOWS\system32\SET3BD.tmp
2008-07-19 15:58:09 ----A---- C:\WINDOWS\system32\SET3BC.tmp
2008-07-19 15:58:05 ----A---- C:\WINDOWS\system32\SET3AC.tmp
2008-07-19 15:58:02 ----A---- C:\WINDOWS\system32\SET3A1.tmp
2008-07-19 15:58:01 ----A---- C:\WINDOWS\system32\SET39D.tmp
2008-07-19 15:57:58 ----A---- C:\WINDOWS\system32\SET395.tmp
2008-07-19 15:57:58 ----A---- C:\WINDOWS\system32\SET394.tmp
2008-07-19 15:57:57 ----A---- C:\WINDOWS\system32\SET393.tmp
2008-07-19 15:57:56 ----A---- C:\WINDOWS\system32\SET391.tmp
2008-07-19 15:57:55 ----A---- C:\WINDOWS\system32\SET38C.tmp
2008-07-19 15:57:53 ----A---- C:\WINDOWS\system32\SET383.tmp
2008-07-19 15:57:52 ----A---- C:\WINDOWS\system32\SET37F.tmp
2008-07-19 15:57:50 ----A---- C:\WINDOWS\system32\SET379.tmp
2008-07-19 15:57:50 ----A---- C:\WINDOWS\system32\SET378.tmp
2008-07-19 15:57:49 ----A---- C:\WINDOWS\system32\SET376.tmp
2008-07-19 15:57:47 ----A---- C:\WINDOWS\system32\SET370.tmp
2008-07-19 15:57:44 ----A---- C:\WINDOWS\system32\SET362.tmp
2008-07-19 15:57:43 ----A---- C:\WINDOWS\system32\SET35E.tmp
2008-07-19 15:57:42 ----A---- C:\WINDOWS\system32\SET358.tmp
2008-07-19 15:57:41 ----A---- C:\WINDOWS\system32\SET356.tmp
2008-07-19 15:57:40 ----A---- C:\WINDOWS\system32\SET354.tmp
2008-07-19 15:57:39 ----A---- C:\WINDOWS\system32\SET350.tmp
2008-07-19 15:57:35 ----A---- C:\WINDOWS\system32\SET340.tmp
2008-07-19 15:57:34 ----A---- C:\WINDOWS\system32\SET33C.tmp
2008-07-19 15:57:34 ----A---- C:\WINDOWS\system32\SET33A.tmp
2008-07-19 15:57:32 ----A---- C:\WINDOWS\system32\SET331.tmp
2008-07-19 15:57:31 ----A---- C:\WINDOWS\system32\SET32F.tmp
2008-07-19 15:57:29 ----A---- C:\WINDOWS\system32\SET328.tmp
2008-07-19 15:57:27 ----A---- C:\WINDOWS\system32\SET320.tmp
2008-07-19 15:57:24 ----A---- C:\WINDOWS\system32\SET31C.tmp
2008-07-19 15:57:24 ----A---- C:\WINDOWS\system32\SET31B.tmp
2008-07-19 15:57:23 ----A---- C:\WINDOWS\system32\SET318.tmp
2008-07-19 15:57:19 ----A---- C:\WINDOWS\system32\SET30D.tmp
2008-07-19 15:57:15 ----A---- C:\WINDOWS\system32\SET307.tmp
2008-07-19 15:57:15 ----A---- C:\WINDOWS\system32\SET306.tmp
2008-07-19 15:57:14 ----A---- C:\WINDOWS\system32\SET304.tmp
2008-07-19 15:57:12 ----A---- C:\WINDOWS\system32\SET2FF.tmp
2008-07-19 15:57:11 ----A---- C:\WINDOWS\system32\SET2FD.tmp
2008-07-19 15:57:10 ----A---- C:\WINDOWS\system32\SET2FB.tmp
2008-07-19 15:57:10 ----A---- C:\WINDOWS\system32\SET2FA.tmp
2008-07-19 15:57:09 ----A---- C:\WINDOWS\system32\SET2F9.tmp
2008-07-19 15:57:08 ----A---- C:\WINDOWS\system32\SET2F7.tmp
2008-07-19 15:57:03 ----A---- C:\WINDOWS\system32\SET2ED.tmp
2008-07-19 15:57:01 ----A---- C:\WINDOWS\system32\SET2EA.tmp
2008-07-19 15:57:00 ----A---- C:\WINDOWS\system32\SET2E8.tmp
2008-07-19 15:56:59 ----A---- C:\WINDOWS\system32\SET2E6.tmp
2008-07-19 15:56:58 ----A---- C:\WINDOWS\system32\SET2E5.tmp
2008-07-19 15:56:58 ----A---- C:\WINDOWS\system32\SET2E4.tmp
2008-07-19 15:56:58 ----A---- C:\WINDOWS\system32\SET2E3.tmp
2008-07-19 15:56:56 ----A---- C:\WINDOWS\system32\SET2E2.tmp
2008-07-19 15:56:56 ----A---- C:\WINDOWS\system32\SET2E1.tmp
2008-07-19 15:56:54 ----A---- C:\WINDOWS\system32\SET2DB.tmp
2008-07-19 15:56:53 ----A---- C:\WINDOWS\system32\SET2DA.tmp
2008-07-19 15:56:52 ----A---- C:\WINDOWS\system32\SET2D8.tmp
2008-07-19 15:56:51 ----A---- C:\WINDOWS\system32\SET2D7.tmp
2008-07-19 15:56:49 ----A---- C:\WINDOWS\system32\SET2D1.tmp
2008-07-19 15:56:49 ----A---- C:\WINDOWS\system32\SET2D0.tmp
2008-07-19 15:56:47 ----A---- C:\WINDOWS\system32\SET2CD.tmp
2008-07-19 15:56:46 ----A---- C:\WINDOWS\system32\SET2CC.tmp
2008-07-19 15:56:44 ----A---- C:\WINDOWS\system32\SET2C6.tmp
2008-07-19 15:56:42 ----A---- C:\WINDOWS\system32\SET2C3.tmp
2008-07-19 15:56:41 ----A---- C:\WINDOWS\system32\SET2C1.tmp
2008-07-19 15:56:40 ----A---- C:\WINDOWS\system32\SET2BC.tmp
2008-07-19 15:56:40 ----A---- C:\WINDOWS\system32\SET2BA.tmp
2008-07-19 15:56:39 ----A---- C:\WINDOWS\system32\SET2B9.tmp
2008-07-19 15:56:39 ----A---- C:\WINDOWS\system32\SET2B6.tmp
2008-07-19 15:56:38 ----A---- C:\WINDOWS\system32\SET2B3.tmp
2008-07-19 15:56:37 ----A---- C:\WINDOWS\system32\SET2B2.tmp
2008-07-19 15:56:36 ----A---- C:\WINDOWS\system32\SET2AF.tmp
2008-07-19 15:56:36 ----A---- C:\WINDOWS\system32\SET2AE.tmp
2008-07-19 15:56:35 ----A---- C:\WINDOWS\system32\SET2AC.tmp
2008-07-19 15:56:33 ----A---- C:\WINDOWS\system32\SET2A9.tmp
2008-07-19 15:56:33 ----A---- C:\WINDOWS\system32\SET2A7.tmp
2008-07-19 15:56:32 ----A---- C:\WINDOWS\system32\SET2A6.tmp
2008-07-19 15:56:32 ----A---- C:\WINDOWS\system32\SET2A5.tmp
2008-07-19 15:56:31 ----A---- C:\WINDOWS\system32\SET2A0.tmp
2008-07-19 15:56:30 ----A---- C:\WINDOWS\system32\SET29F.tmp
2008-07-19 15:56:30 ----A---- C:\WINDOWS\system32\SET29E.tmp
2008-07-19 15:56:28 ----A---- C:\WINDOWS\system32\SET299.tmp
2008-07-19 15:56:27 ----A---- C:\WINDOWS\system32\SET296.tmp
2008-07-19 15:56:27 ----A---- C:\WINDOWS\system32\SET294.tmp
2008-07-19 15:56:26 ----A---- C:\WINDOWS\system32\SET293.tmp
2008-07-19 15:56:26 ----A---- C:\WINDOWS\system32\SET292.tmp
2008-07-19 15:56:26 ----A---- C:\WINDOWS\system32\SET290.tmp
2008-07-19 15:56:25 ----A---- C:\WINDOWS\system32\SET28F.tmp
2008-07-19 15:56:25 ----A---- C:\WINDOWS\system32\SET28E.tmp
2008-07-19 15:56:25 ----A---- C:\WINDOWS\system32\SET28C.tmp
2008-07-19 15:56:25 ----A---- C:\WINDOWS\system32\SET28B.tmp
2008-07-19 15:56:24 ----A---- C:\WINDOWS\system32\SET28A.tmp
2008-07-19 15:56:24 ----A---- C:\WINDOWS\system32\SET289.tmp
2008-07-19 15:56:24 ----A---- C:\WINDOWS\system32\SET288.tmp
2008-07-19 15:56:23 ----A---- C:\WINDOWS\system32\SET285.tmp
2008-07-19 15:56:23 ----A---- C:\WINDOWS\system32\SET284.tmp
2008-07-19 15:56:21 ----A---- C:\WINDOWS\system32\SET27D.tmp
2008-07-19 15:56:20 ----A---- C:\WINDOWS\system32\SET27C.tmp
2008-07-19 15:56:20 ----A---- C:\WINDOWS\system32\SET27B.tmp
2008-07-19 15:56:19 ----A---- C:\WINDOWS\system32\SET279.tmp
2008-07-19 15:56:17 ----A---- C:\WINDOWS\system32\SET273.tmp
2008-07-19 15:56:16 ----A---- C:\WINDOWS\system32\SET26F.tmp
2008-07-19 15:56:15 ----A---- C:\WINDOWS\system32\SET26A.tmp
2008-07-19 15:56:14 ----A---- C:\WINDOWS\system32\SET267.tmp
2008-07-19 15:56:13 ----A---- C:\WINDOWS\system32\SET265.tmp
2008-07-19 15:56:12 ----A---- C:\WINDOWS\system32\SET262.tmp
2008-07-19 15:56:12 ----A---- C:\WINDOWS\system32\SET261.tmp
2008-07-19 15:56:10 ----A---- C:\WINDOWS\system32\SET25F.tmp
2008-07-19 15:56:08 ----A---- C:\WINDOWS\system32\SET259.tmp
2008-07-19 15:56:06 ----A---- C:\WINDOWS\system32\SET254.tmp
2008-07-19 15:56:06 ----A---- C:\WINDOWS\system32\SET253.tmp
2008-07-19 15:56:05 ----A---- C:\WINDOWS\system32\SET252.tmp
2008-07-19 15:56:05 ----A---- C:\WINDOWS\system32\SET250.tmp
2008-07-19 15:56:04 ----A---- C:\WINDOWS\system32\SET24E.tmp
2008-07-19 15:56:01 ----A---- C:\WINDOWS\system32\SET242.tmp
2008-07-19 15:55:59 ----A---- C:\WINDOWS\system32\SET23C.tmp
2008-07-19 15:55:58 ----A---- C:\WINDOWS\system32\SET239.tmp
2008-07-19 15:55:58 ----A---- C:\WINDOWS\system32\SET238.tmp
2008-07-19 15:55:57 ----A---- C:\WINDOWS\system32\SET237.tmp
2008-07-19 15:55:56 ----A---- C:\WINDOWS\system32\SET231.tmp
2008-07-19 15:55:55 ----A---- C:\WINDOWS\system32\SET230.tmp
2008-07-19 15:55:54 ----A---- C:\WINDOWS\system32\SET229.tmp
2008-07-19 15:55:53 ----A---- C:\WINDOWS\system32\SET228.tmp
2008-07-19 15:55:53 ----A---- C:\WINDOWS\system32\SET227.tmp
2008-07-19 15:55:51 ----A---- C:\WINDOWS\system32\SET221.tmp
2008-07-19 15:55:50 ----A---- C:\WINDOWS\system32\SET220.tmp
2008-07-19 15:55:49 ----A---- C:\WINDOWS\system32\SET21C.tmp
2008-07-19 15:55:49 ----A---- C:\WINDOWS\system32\SET21B.tmp
2008-07-19 15:55:48 ----A---- C:\WINDOWS\system32\SET217.tmp
2008-07-19 15:55:47 ----A---- C:\WINDOWS\system32\SET216.tmp
2008-07-19 15:55:46 ----A---- C:\WINDOWS\system32\SET213.tmp
2008-07-19 15:55:42 ----A---- C:\WINDOWS\system32\SET212.tmp
2008-07-19 15:55:41 ----A---- C:\WINDOWS\system32\SET211.tmp
2008-07-19 15:55:41 ----A---- C:\WINDOWS\system32\SET20F.tmp
2008-07-19 15:55:38 ----A---- C:\WINDOWS\system32\SET20D.tmp
2008-07-19 15:55:34 ----A---- C:\WINDOWS\system32\SET208.tmp
2008-07-19 15:55:26 ----A---- C:\WINDOWS\system32\SET1F8.tmp
2008-07-19 15:55:25 ----A---- C:\WINDOWS\system32\SET1F7.tmp
2008-07-19 15:55:25 ----A---- C:\WINDOWS\system32\SET1F6.tmp
2008-07-19 15:55:24 ----A---- C:\WINDOWS\system32\SET1F5.tmp
2008-07-19 15:55:24 ----A---- C:\WINDOWS\system32\SET1F4.tmp
2008-07-19 15:55:22 ----A---- C:\WINDOWS\system32\SET1F1.tmp
2008-07-19 15:55:17 ----A---- C:\WINDOWS\system32\SET1E4.tmp
2008-07-19 15:55:16 ----A---- C:\WINDOWS\system32\SET1E3.tmp
2008-07-19 15:55:15 ----A---- C:\WINDOWS\system32\SET1E0.tmp
2008-07-19 15:55:15 ----A---- C:\WINDOWS\system32\SET1DD.tmp
2008-07-19 15:55:14 ----A---- C:\WINDOWS\system32\SET1DC.tmp
2008-07-19 15:55:11 ----A---- C:\WINDOWS\system32\SET1D5.tmp
2008-07-19 15:55:10 ----A---- C:\WINDOWS\system32\SET1D4.tmp
2008-07-19 15:55:09 ----A---- C:\WINDOWS\system32\SET1D1.tmp
2008-07-19 15:55:08 ----A---- C:\WINDOWS\system32\SET1CE.tmp
2008-07-19 15:55:07 ----A---- C:\WINDOWS\system32\SET1CD.tmp
2008-07-19 15:55:05 ----A---- C:\WINDOWS\system32\SET1C8.tmp
2008-07-19 15:55:02 ----A---- C:\WINDOWS\system32\SET1C2.tmp
2008-07-19 15:55:02 ----A---- C:\WINDOWS\system32\SET1C1.tmp
2008-07-19 15:55:01 ----A---- C:\WINDOWS\system32\SET1C0.tmp
2008-07-19 15:55:01 ----A---- C:\WINDOWS\system32\SET1BF.tmp
2008-07-19 15:54:58 ----A---- C:\WINDOWS\system32\SET1B9.tmp
2008-07-19 15:54:57 ----A---- C:\WINDOWS\system32\SET1B7.tmp
2008-07-19 15:54:56 ----A---- C:\WINDOWS\system32\SET1B6.tmp
2008-07-19 15:54:56 ----A---- C:\WINDOWS\system32\SET1B5.tmp
2008-07-19 15:54:55 ----A---- C:\WINDOWS\system32\SET1B3.tmp
2008-07-19 15:54:51 ----A---- C:\WINDOWS\system32\SET1B0.tmp
2008-07-19 15:54:49 ----A---- C:\WINDOWS\system32\SET1AC.tmp
2008-07-19 15:54:48 ----A---- C:\WINDOWS\system32\SET1AA.tmp
2008-07-19 15:54:45 ----A---- C:\WINDOWS\system32\SET1A8.tmp
2008-07-19 15:54:44 ----A---- C:\WINDOWS\system32\SET1A5.tmp
2008-07-19 15:54:43 ----A---- C:\WINDOWS\system32\SET1A4.tmp
2008-07-19 15:54:42 ----A---- C:\WINDOWS\system32\SET1A3.tmp
2008-07-19 15:54:39 ----A---- C:\WINDOWS\system32\SET19C.tmp
2008-07-19 15:54:38 ----A---- C:\WINDOWS\system32\SET199.tmp
2008-07-19 15:54:37 ----A---- C:\WINDOWS\system32\SET198.tmp
2008-07-19 15:54:37 ----A---- C:\WINDOWS\system32\SET197.tmp
2008-07-19 15:54:36 ----A---- C:\WINDOWS\system32\SET195.tmp
2008-07-19 15:54:36 ----A---- C:\WINDOWS\system32\SET194.tmp
2008-07-19 15:54:35 ----A---- C:\WINDOWS\system32\SET193.tmp
2008-07-19 15:54:35 ----A---- C:\WINDOWS\system32\SET192.tmp
2008-07-19 15:54:34 ----A---- C:\WINDOWS\system32\SET191.tmp
2008-07-19 15:54:34 ----A---- C:\WINDOWS\system32\SET18F.tmp
2008-07-19 15:54:33 ----A---- C:\WINDOWS\system32\SET18D.tmp
2008-07-19 15:54:31 ----A---- C:\WINDOWS\system32\SET188.tmp
2008-07-19 15:54:30 ----A---- C:\WINDOWS\system32\SET185.tmp
2008-07-19 15:54:29 ----A---- C:\WINDOWS\system32\SET184.tmp
2008-07-19 15:54:28 ----A---- C:\WINDOWS\system32\SET17D.tmp
2008-07-19 15:54:27 ----A---- C:\WINDOWS\system32\SET17B.tmp
2008-07-19 15:54:27 ----A---- C:\WINDOWS\system32\SET179.tmp
2008-07-19 15:54:26 ----A---- C:\WINDOWS\system32\SET177.tmp
2008-07-19 15:54:25 ----A---- C:\WINDOWS\system32\SET176.tmp
2008-07-19 15:45:50 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-07-19 15:45:35 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-07-19 15:41:23 ----A---- C:\WINDOWS\system32\cmd.exe
2008-07-19 15:41:23 ----A---- C:\WINDOWS\system32\cacls.exe
2008-07-19 15:41:23 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-07-19 15:41:23 ----A---- C:\WINDOWS\system32\autochk.exe
2008-07-19 15:41:23 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-07-19 15:41:22 ----A---- C:\WINDOWS\system32\ftp.exe
2008-07-19 15:41:22 ----A---- C:\WINDOWS\system32\format.com
2008-07-19 15:41:22 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-07-19 15:41:22 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-07-19 15:41:22 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-07-19 15:41:22 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-07-19 15:41:21 ----A---- C:\WINDOWS\system32\locator.exe
2008-07-19 15:41:21 ----A---- C:\WINDOWS\system32\localspl.dll
2008-07-19 15:41:21 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-07-19 15:41:21 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-07-19 15:41:21 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-07-19 15:41:20 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-07-19 15:41:20 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-07-19 15:41:20 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-07-19 15:41:20 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-07-19 15:41:20 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-07-19 15:41:20 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-07-19 15:41:20 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-07-19 15:41:20 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-07-19 15:41:18 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-07-19 15:41:18 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-07-19 15:41:18 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-07-19 15:41:18 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-07-19 15:41:18 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-07-19 15:41:17 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-07-19 15:41:17 ----A---- C:\WINDOWS\system32\rasman.dll
2008-07-19 15:41:17 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-07-19 15:41:17 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-07-19 15:41:17 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-07-19 15:41:17 ----A---- C:\WINDOWS\system32\printui.dll
2008-07-19 15:41:16 ----A---- C:\WINDOWS\system32\schannel.dll
2008-07-19 15:41:16 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-07-19 15:41:16 ----A---- C:\WINDOWS\system32\savedump.exe
2008-07-19 15:41:16 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-07-19 15:41:16 ----A---- C:\WINDOWS\system32\samlib.dll
2008-07-19 15:41:16 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-07-19 15:41:15 ----A---- C:\WINDOWS\system32\smss.exe
2008-07-19 15:41:15 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-07-19 15:41:15 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-07-19 15:41:15 ----A---- C:\WINDOWS\system32\services.exe
2008-07-19 15:41:14 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-07-19 15:41:14 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-07-19 15:41:14 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-07-19 15:41:13 ----A---- C:\WINDOWS\system32\userinit.exe
2008-07-19 15:41:13 ----A---- C:\WINDOWS\system32\untfs.dll
2008-07-19 15:41:13 ----A---- C:\WINDOWS\system32\ulib.dll
2008-07-19 15:41:12 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-07-19 15:41:12 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-07-19 15:40:57 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-07-19 15:40:57 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-19 15:40:57 ----A---- C:\WINDOWS\system32\hal.dll
2008-07-19 15:40:56 ----A---- C:\WINDOWS\system32\asfsipc.dll
2008-07-19 15:39:27 ----D---- C:\WINDOWS\EHome
2008-07-19 12:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-19 12:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB884020$
2008-07-19 09:50:36 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-18 21:38:38 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-07-18 21:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-07-18 20:59:05 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-07-18 20:58:39 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-07-18 20:55:49 ----D---- C:\Program Files\Windows Media Connect 2
2008-07-18 20:54:56 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-07-18 20:48:58 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-07-18 20:46:11 ----D---- C:\WINDOWS\system32\LogFiles
2008-07-18 20:45:30 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-07-16 11:36:04 ----D---- C:\Program Files\Cat Computer
2008-07-16 11:31:46 ----A---- C:\WINDOWS\ODBC.INI
2008-07-16 11:09:26 ----AC---- C:\WINDOWS\sensor.INI
2008-07-16 11:07:18 ----D---- C:\Program Files\Quick Heal
2008-07-16 01:00:56 ----A---- C:\$@sdntvt_optimize.tmp
2008-07-14 15:58:54 ----D---- C:\WINDOWS\system32\bits
2008-07-14 15:58:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923845$
2008-07-14 15:57:59 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-07-14 15:56:41 ----HDC---- C:\WINDOWS\$NtUninstallKB914882$
2008-07-14 15:39:38 ----RSD---- C:\WINDOWS\assembly
2008-07-14 15:25:12 ----D---- C:\WINDOWS\Microsoft.NET
2008-07-14 15:09:18 ----HD---- C:\Config.Msi
2008-07-13 20:53:49 ----D---- C:\WINDOWS\system32\NtmsData
2008-07-13 19:25:58 ----AC---- C:\WINDOWS\system32\eb017685-.txt
2008-07-09 10:19:13 ----D---- C:\Program Files\Common Files\Apple
2008-07-09 10:18:49 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-09 09:47:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-07-07 11:58:11 ----D---- C:\Documents and Settings\Customer\Application Data\Meridian93
2008-07-07 11:12:02 ----D---- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-07-07 11:08:42 ----D---- C:\Documents and Settings\Customer\Application Data\Gamelab
2008-07-06 18:01:21 ----D---- C:\Program Files\sisagp
2008-07-06 14:58:22 ----D---- C:\Documents and Settings\Customer\Application Data\Legends of pirates
2008-07-06 13:06:13 ----D---- C:\Documents and Settings\Customer\Application Data\TheScruffs
2008-07-06 13:01:35 ----D---- C:\Documents and Settings\All Users\Application Data\PlayPond
2008-07-06 12:57:51 ----D---- C:\Documents and Settings\Customer\Application Data\Super-Cow
2008-07-06 12:32:37 ----D---- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
2008-07-06 11:37:49 ----D---- C:\Documents and Settings\Customer\Application Data\Twilight Games
2008-07-06 10:26:08 ----D---- C:\Documents and Settings\All Users\Application Data\JollyBear
2008-07-06 10:25:07 ----D---- C:\Documents and Settings\All Users\Application Data\MonteCristo
2008-07-04 11:38:23 ----D---- C:\Documents and Settings\Customer\Application Data\Eyeblaster
2008-07-04 11:23:45 ----D---- C:\users
2008-07-04 11:21:33 ----D---- C:\Program Files\RealArcade
2008-07-02 22:30:16 ----A---- C:\WINDOWS\unins001.exe
2008-07-02 21:12:26 ----D---- C:\WINDOWS\.jagex_cache_32

======List of files/folders modified in the last 3 months======

2008-10-01 08:56:25 ----D---- C:\Program Files\Mozilla Firefox
2008-10-01 08:55:56 ----D---- C:\WINDOWS\system32
2008-10-01 08:52:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-01 08:50:26 ----D---- C:\WINDOWS\Temp
2008-10-01 07:59:02 ----D---- C:\WINDOWS
2008-10-01 07:41:33 ----HD---- C:\WINDOWS\inf
2008-10-01 07:41:30 ----D---- C:\WINDOWS\system32\drivers
2008-10-01 07:27:44 ----SHD---- C:\WINDOWS\Installer
2008-10-01 07:26:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-01 07:25:23 ----AD---- C:\Program Files
2008-09-30 15:56:22 ----D---- C:\WINDOWS\system32\DirectX
2008-09-30 14:11:07 ----SHD---- C:\RECYCLER
2008-09-30 13:01:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-30 06:39:47 ----A---- C:\WINDOWS\system.ini
2008-09-30 06:36:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-30 06:36:12 ----D---- C:\WINDOWS\system32\config
2008-09-30 06:32:44 ----D---- C:\WINDOWS\AppPatch
2008-09-30 06:32:44 ----D---- C:\Program Files\Common Files
2008-09-30 06:09:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-30 06:09:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-29 08:49:33 ----AC---- C:\WINDOWS\cdplayer.ini
2008-09-29 08:23:20 ----SD---- C:\WINDOWS\Tasks
2008-09-28 15:21:42 ----D---- C:\Program Files\Common Files\Real
2008-09-28 15:21:34 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-09-28 15:20:01 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-09-28 15:20:01 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-09-28 15:19:51 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-09-28 15:19:50 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-09-28 15:19:50 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-09-21 17:20:57 ----D---- C:\WINDOWS\Registration
2008-09-21 11:32:43 ----D---- C:\WINDOWS\Help
2008-09-17 07:48:53 ----AC---- C:\WINDOWS\WORDPAD.INI
2008-09-15 10:48:42 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-10 03:04:09 ----A---- C:\WINDOWS\imsins.BAK
2008-09-10 03:03:59 ----D---- C:\WINDOWS\WinSxS
2008-09-10 03:01:29 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-03 08:45:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-08-30 03:36:37 ----D---- C:\Documents and Settings\Customer\Application Data\Yahoo!
2008-08-27 15:18:39 ----RSD---- C:\WINDOWS\Fonts
2008-08-26 10:19:10 ----D---- C:\Documents and Settings\Customer\Application Data\Apple Computer
2008-08-26 10:13:41 ----AC---- C:\WINDOWS\ANS2000.INI
2008-08-26 09:47:00 ----D---- C:\Program Files\iWin.com
2008-08-26 09:42:24 ----D---- C:\My Games
2008-08-25 16:17:51 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-08-25 12:05:09 ----SD---- C:\Documents and Settings\Customer\Application Data\Microsoft
2008-08-24 02:34:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-08-24 02:34:35 ----HD---- C:\Program Files\InstallShield Installation Information
2008-08-18 16:22:31 ----D---- C:\Documents and Settings\Customer\Application Data\EMBARQTOOLBAR
2008-08-17 16:01:39 ----D---- C:\Documents and Settings\All Users\Application Data\Zylom
2008-08-14 23:41:12 ----D---- C:\Program Files\Messenger
2008-08-14 23:36:04 ----D---- C:\Program Files\Internet Explorer
2008-08-14 23:35:46 ----D---- C:\WINDOWS\ie7updates
2008-08-14 00:57:15 ----D---- C:\Program Files\GraphicView32
2008-08-14 00:48:15 ----D---- C:\Program Files\Conference
2008-08-13 23:38:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-12 18:03:27 ----D---- C:\Documents and Settings\Customer\Application Data\Adobe
2008-07-31 09:51:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-29 08:11:15 ----D---- C:\Install ICQ
2008-07-28 14:52:48 ----D---- C:\Program Files\Adobe
2008-07-28 14:39:18 ----D---- C:\Program Files\Common Files\Adobe
2008-07-28 09:40:01 ----SHD---- C:\System Volume Information
2008-07-28 09:40:01 ----D---- C:\WINDOWS\system32\Restore
2008-07-27 11:27:02 ----HD---- C:\Temp
2008-07-27 11:00:27 ----D---- C:\Program Files\Java
2008-07-26 16:52:37 ----AC---- C:\WINDOWS\ACROREAD.INI
2008-07-26 16:39:52 ----D---- C:\Program Files\SearchAssistant6
2008-07-26 15:54:57 ----D---- C:\Program Files\Desktop
2008-07-25 03:29:44 ----A---- C:\WINDOWS\WININIT.INI
2008-07-20 23:04:29 ----D---- C:\Program Files\AMS
2008-07-20 22:38:58 ----D---- C:\WINDOWS\Cursors
2008-07-20 12:16:12 ----D---- C:\WINDOWS\security
2008-07-19 18:57:24 ----D---- C:\Program Files\Yahoo!
2008-07-19 17:03:39 ----D---- C:\WINDOWS\system32\wbem
2008-07-19 17:03:39 ----D---- C:\WINDOWS\system32\Setup
2008-07-19 16:50:10 ----D---- C:\WINDOWS\system32\usmt
2008-07-19 16:50:01 ----D---- C:\WINDOWS\system32\oobe
2008-07-19 16:49:59 ----D---- C:\WINDOWS\system32\npp
2008-07-19 16:41:50 ----D---- C:\WINDOWS\system32\Com
2008-07-19 16:37:18 ----D---- C:\WINDOWS\system
2008-07-19 16:37:17 ----D---- C:\WINDOWS\srchasst
2008-07-19 16:37:11 ----D---- C:\WINDOWS\PeerNet
2008-07-19 16:37:05 ----D---- C:\WINDOWS\network diagnostic
2008-07-19 16:37:01 ----D---- C:\WINDOWS\msagent
2008-07-19 16:36:36 ----D---- C:\WINDOWS\ime
2008-07-19 16:36:18 ----D---- C:\Program Files\Windows NT
2008-07-19 16:36:18 ----D---- C:\Program Files\Windows Media Player
2008-07-19 16:36:17 ----D---- C:\Program Files\Outlook Express
2008-07-19 16:36:13 ----D---- C:\Program Files\NetMeeting
2008-07-19 16:36:09 ----D---- C:\Program Files\Movie Maker
2008-07-19 16:35:49 ----D---- C:\Program Files\Common Files\System
2008-07-19 16:11:33 ----D---- C:\WINDOWS\system32\en-US
2008-07-19 15:49:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10:40 ----AC---- C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-07-18 21:38:37 ----D---- C:\WINDOWS\Debug
2008-07-18 20:56:38 ----A---- C:\WINDOWS\win.ini
2008-07-16 18:55:33 ----D---- C:\Program Files\MSN Messenger
2008-07-16 17:47:12 ----D---- C:\Program Files\Symantec
2008-07-16 17:37:18 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-07-16 17:05:45 ----D---- C:\Program Files\XoftSpy
2008-07-16 16:50:13 ----D---- C:\Program Files\Norton SystemWorks
2008-07-16 16:44:57 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-16 12:26:42 ----D---- C:\Program Files\iWin Games
2008-07-15 10:16:05 ----SD---- C:\WINDOWS\system32\Microsoft
2008-07-14 15:25:57 ----D---- C:\WINDOWS\system32\mui
2008-07-14 06:09:18 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-07-12 00:34:14 ----D---- C:\Documents and Settings\Customer\Application Data\PlayFirst
2008-07-10 11:31:26 ----D---- C:\Program Files\PopCap Games
2008-07-09 10:21:27 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-07 15:32:22 ----A---- C:\WINDOWS\system32\es.dll
2008-07-07 12:57:15 ----D---- C:\Documents and Settings\Customer\Application Data\iWin
2008-07-07 12:10:50 ----D---- C:\WINDOWS\Minidump
2008-07-07 11:57:31 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-07-06 19:07:12 ----A---- C:\WINDOWS\unins000.exe
2008-07-04 15:01:23 ----A---- C:\WINDOWS\msoffice.ini
2008-07-04 14:57:36 ----D---- C:\Documents and Settings\Customer\Application Data\Lavasoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-08-29 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-08-29 24208]
R1 mozyFilter;mozyFilter; C:\WINDOWS\system32\DRIVERS\mozy.sys [2008-06-11 53752]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
R1 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 UdfReadr;UdfReadr; C:\WINDOWS\system32\drivers\UdfReadr.sys [2002-10-02 206464]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 X4HSX32Ex;X4HSX32Ex; \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys []
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 SiSV;SiSV; C:\WINDOWS\system32\DRIVERS\SiSV.sys [2001-08-17 50432]
R3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2003-08-19 73984]
S3 ATWPKT2;ATWPKT2; \??\C:\Program Files\America Online 8.0a\ATWPKT2.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MR97310_USB_DUAL_CAMERA;CIF Dual-Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2006-05-02 110720]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-10-21 174530]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SQTECH9080;MegaCam(PID_9080_00); C:\WINDOWS\System32\Drivers\Capt9080.sys [2005-01-12 51016]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-08-29 519936]
R2 iWinGamesInstaller;iWinGamesInstaller; C:\Program Files\iWin Games\iWinGamesInstaller.exe [2008-07-07 78104]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-04-01 303104]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2008-06-11 87344]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------
mshaver is offline   Reply With Quote
Old 4th October 2008   #3
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Hi mshaver

First, I'd like to get a look at your Winlogon key. Highlight and copy the contents of the code box below.

Code:
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /s >winlogon.txt
start notepad winlogon.txt
exit
cls
Click Start then Run, type cmd then hit Enter to open a command window.
Right click in the command window and select Paste.
The command window will close and a log will open.
Post the contents of that log here.
noahdfear is offline   Reply With Quote
Old 6th October 2008   #4
Member
 
Profile:
Join Date: Oct 2008
Posts: 20
Computer Experience:
Beginner
mshaver Reputation Level
Red face
I did as you instructed and a window popped up and went away then nothing. The window goes away so quickly that I don't catch what is there, however, I do believe I caught the word invalid. Sorry this post took so long I fell sick this week end. Much better now.
mshaver is offline   Reply With Quote
Old 6th October 2008   #5
Member
 
Profile:
Join Date: Oct 2008
Posts: 20
Computer Experience:
Beginner
mshaver Reputation Level
Did not know if this would be relevant but thought you may want to see what was done in the past when I had an infection.
http://forums.spybot.info/showthread.php?t=31342


Also when I reread your post I discovered I did not follow you instructions very well. Would you believe that things work the way you expect when you follow directions carefully. Well I'll try to pay better attention from now on.


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
DefaultDomainName REG_SZ KCRC-75F6A08A51
DefaultUserName REG_SZ Customer
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0xffffffff
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0x0
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0x1
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0x0
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 0x1
ShowLogonOptions REG_DWORD 0x0
AltDefaultUserName REG_SZ Customer
AltDefaultDomainName REG_SZ KCRC-75F6A08A51
Background REG_SZ 0 0 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}
<NO NAME> REG_SZ Microsoft Disk Quota
NoMachinePolicy REG_DWORD 0x0
NoUserPolicy REG_DWORD 0x1
NoSlowLink REG_DWORD 0x1
NoBackgroundPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1
PerUserLocalSettings REG_DWORD 0x0
RequiresSuccessfulRegistry REG_DWORD 0x1
EnableAsynchronousProcessing REG_DWORD 0x0
DllName REG_EXPAND_SZ dskquota.dll
ProcessGroupPolicy REG_SZ ProcessGroupPolicy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
<NO NAME> REG_SZ Internet Explorer Zonemapping
DllName REG_EXPAND_SZ iedkcs32.dll
ProcessGroupPolicy REG_SZ ProcessGroupPolicyForZoneMap
NoGPOListChanges REG_DWORD 0x1
RequiresSucessfulRegistry REG_DWORD 0x1
DisplayName REG_EXPAND_SZ @iedkcs32.dll,-3051

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
ProcessGroupPolicy REG_SZ SceProcessSecurityPolicyGPO
GenerateGroupPolicy REG_SZ SceGenerateGroupPolicy
ExtensionRsopPlanningDebugLevel REG_DWORD 0x1
ProcessGroupPolicyEx REG_SZ SceProcessSecurityPolicyGPOEx
ExtensionDebugLevel REG_DWORD 0x1
DllName REG_EXPAND_SZ scecli.dll
<NO NAME> REG_SZ Security
NoUserPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1
EnableAsynchronousProcessing REG_DWORD 0x1
MaxNoGPOListChangesInterval REG_DWORD 0x3c0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx
GenerateGroupPolicy REG_SZ GenerateGroupPolicy
ProcessGroupPolicy REG_SZ ProcessGroupPolicy
DllName REG_SZ iedkcs32.dll
<NO NAME> REG_SZ Internet Explorer Branding
NoSlowLink REG_DWORD 0x1
NoBackgroundPolicy REG_DWORD 0x0
NoGPOListChanges REG_DWORD 0x1
NoMachinePolicy REG_DWORD 0x1
DisplayName REG_EXPAND_SZ @iedkcs32.dll,-3014

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
ProcessGroupPolicy REG_SZ SceProcessEFSRecoveryGPO
DllName REG_EXPAND_SZ scecli.dll
<NO NAME> REG_SZ EFS recovery
NoUserPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1
RequiresSuccessfulRegistry REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}
<NO NAME> REG_SZ Microsoft Offline Files
DllName REG_EXPAND_SZ %SystemRoot%\System32\cscui.dll
EnableAsynchronousProcessing REG_DWORD 0x0
NoBackgroundPolicy REG_DWORD 0x0
NoGPOListChanges REG_DWORD 0x0
NoMachinePolicy REG_DWORD 0x0
NoSlowLink REG_DWORD 0x0
NoUserPolicy REG_DWORD 0x1
PerUserLocalSettings REG_DWORD 0x0
ProcessGroupPolicy REG_SZ ProcessGroupPolicy
RequiresSuccessfulRegistry REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
<NO NAME> REG_SZ Software Installation
DllName REG_EXPAND_SZ appmgmts.dll
ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyObjectsEx
GenerateGroupPolicy REG_SZ GenerateGroupPolicy
NoBackgroundPolicy REG_DWORD 0x0
RequiresSucessfulRegistry REG_DWORD 0x0
NoSlowLink REG_DWORD 0x1
PerUserLocalSettings REG_DWORD 0x1
EventSources REG_MULTI_SZ (Application Management,Application)\0(MsiInstaller,Application)\0\0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
Asynchronous REG_DWORD 0x0
Impersonate REG_DWORD 0x0
DllName REG_EXPAND_SZ crypt32.dll
Logoff REG_SZ ChainWlxLogoffEvent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
Asynchronous REG_DWORD 0x0
Impersonate REG_DWORD 0x0
DllName REG_EXPAND_SZ cryptnet.dll
Logoff REG_SZ CryptnetWlxLogoffEvent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
HelpAssistant REG_DWORD 0x0
TsInternetUser REG_DWORD 0x0
SQLAgentCmdExec REG_DWORD 0x0
NetShowServices REG_DWORD 0x0
IWAM_ REG_DWORD 0x10000
IUSR_ REG_DWORD 0x10000
VUSR_ REG_DWORD 0x10000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials
Last edited by mshaver; 6th October 2008 at 19:48.
mshaver is offline   Reply With Quote
Old 8th October 2008   #6
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Highlight and copy the contents of the code box below.
Code:
del /q C:\WINDOWS\system32\SET???.tmp
exit
cls
Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on it's own.



Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as;

Filename: fix.reg
Save as type: All Files (*.*)

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
Double click fix.reg and allow it to merge with the registry, then delete fix.reg.
Reboot the computer and see if Windows Update will work now.
noahdfear is offline   Reply With Quote
Old 8th October 2008   #7
Member
 
Profile:
Join Date: Oct 2008
Posts: 20
Computer Experience:
Beginner
mshaver Reputation Level
That did the trick. As soon as I rebooted my pc auto update was back to work do its job. Thank you for the help. Is there any thing else I should do? Also off subject, can word pad be updated. My copy does not have word count which would help for school projects. Otherwise its nice to have update running again. Thanks again.
mshaver is offline   Reply With Quote
Old 9th October 2008   #8
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Glad to hear that did the trick. I'll look over your logs and previous topics a bit closer to see if anything else should be done and let you know, hopefully later this evening.

Wordpad does not have a word count function. I'd recommend you try OpenOffice. It's an open source (free) alternative to Microsoft Office.
noahdfear is offline   Reply With Quote
Old 9th October 2008   #9
Member
 
Profile:
Join Date: Oct 2008
Posts: 20
Computer Experience:
Beginner
mshaver Reputation Level
Thank you for your recommendation. After searching my computer I found I already have open office. I will give it a try. I'll also check back latter for any further post.
mshaver is offline   Reply With Quote
Old 9th October 2008   #10
Member
 
Profile:
Join Date: Oct 2008
Posts: 20
Computer Experience:
Beginner
mshaver Reputation Level
I ran spybot tonight which found 1 problem. When I hit fix the problem button I received this message:

2Search

(SBI $A898A57E) Text file
C:\Documents and Settings\Customer\Local Settings\temo\_uninsep.bat

Unexpected error in fixing problems
(Cannot create file "C:\WINDOWS\wininit.ini".Access is denied)

Should I be worried?
mshaver is offline   Reply With Quote
Old 9th October 2008   #11
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

That's odd. First, see if you still have the file C:\WINDOWS\WININIT.INI and delete it if present. Then, Download ATF Cleaner by Atribune and save it to your Desktop.
  • Double click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:

    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch
    • Java Cache
    • Recycle bin

  • The rest are optional - if you want it to remove everything check "Select All".
  • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
Reboot


Run Spybot again and let me know of any findings/issues.
noahdfear is offline   Reply With Quote
Old 9th October 2008   #12
Member
 
Profile:
Join Date: Oct 2008
Posts: 20
Computer Experience:
Beginner
mshaver Reputation Level
Yes, that seemed to do the trick. I did have to delete the mentioned file. Spybot found no threats after reboot.
mshaver is offline   Reply With Quote
Reply

« [InActive] win32/autoRun.ARX worm | [Resolved] Google Redirect - Help required »
Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
[Resolved] google search redirected to ads some sites get connection errors coolbart323 Malware and Virus Removal 15 5th October 2008 03:05
Google Redirect Virus and 'Casino' icon cnugent Malware and Virus Removal 4 16th September 2008 04:06
[Resolved] Virus Alert next to clock p33kev Malware and Virus Removal 15 13th September 2008 07:20
Generic Downloader.z trojan ReggieB Malware and Virus Removal 4 20th August 2008 16:48
Generic Host Process for Win32 Services has encountered a problem... Jervin Malware and Virus Removal 16 10th May 2008 04:26


All times are GMT +1. The time now is 01:27.




Advertise - Contact Us - Windows BBS - Archive - Privacy Statement - Top

Advertisements do not imply our endorsement of the product or service advertised.
Powered by vBulletin® Version 3.8.3
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0
Copyright © 2002 - 2009 WindowsBBS.com. All rights reserved.
Terms of Use, Legal Information & Privacy Policy
[]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33