14 Posts

September 2nd, 2008 19:00

-= Yet more =-

 

8/5/2008 6:36:57 AM    97    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn417.tmp
8/5/2008 6:36:57 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn418.tmp
8/7/2008 6:42:15 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn41E.tmp
8/8/2008 6:57:02 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn41F.tmp
8/5/2008 6:36:57 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn420.tmp
8/5/2008 6:36:57 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn421.tmp
8/6/2008 6:04:02 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn422.tmp
8/6/2008 6:04:02 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn423.tmp
8/8/2008 6:57:02 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn424.tmp
8/30/2008 7:58:07 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn425.tmp
8/7/2008 6:42:15 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn426.tmp
8/6/2008 6:04:02 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn427.tmp
8/6/2008 6:04:02 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn428.tmp
8/7/2008 6:42:15 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn42C.tmp
8/13/2008 6:43:25 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn42D.tmp
8/9/2008 7:02:40 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn42E.tmp
8/8/2008 6:57:02 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn42F.tmp
8/7/2008 6:42:15 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn437.tmp
8/7/2008 6:42:15 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn438.tmp
8/8/2008 6:57:02 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn43B.tmp
8/9/2008 7:02:40 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn43C.tmp
8/9/2008 7:02:40 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn43D.tmp
8/12/2008 6:54:13 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn43E.tmp
8/8/2008 6:57:03 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn444.tmp
8/8/2008 6:57:03 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn445.tmp
8/12/2008 6:54:13 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn446.tmp
8/12/2008 6:54:13 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn447.tmp
8/9/2008 7:02:41 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn448.tmp
8/9/2008 7:02:41 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn449.tmp
8/13/2008 6:43:25 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn44A.tmp
8/13/2008 6:43:25 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn44B.tmp
8/12/2008 6:54:14 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn44C.tmp
8/9/2008 7:02:41 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn44D.tmp
8/9/2008 7:02:41 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn44E.tmp
8/12/2008 6:54:14 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn44F.tmp
8/26/2008 7:24:26 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn450.tmp
8/8/2008 6:57:13 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn451.tmp
8/8/2008 6:57:13 AM    215458    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn452.tmp
8/8/2008 6:57:13 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn453.tmp
8/8/2008 6:57:13 AM    176    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn454.tmp
8/8/2008 6:57:13 AM    1061275    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn455.tmp
8/15/2008 6:41:40 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn456.tmp
8/13/2008 6:43:25 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn457.tmp
8/13/2008 6:43:25 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn458.tmp
8/12/2008 6:54:14 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn459.tmp
8/12/2008 6:54:14 AM    97    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn45A.tmp
8/9/2008 7:02:49 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn45B.tmp
8/9/2008 7:02:49 AM    215497    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn45C.tmp
8/9/2008 7:02:49 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn45D.tmp
8/9/2008 7:02:49 AM    176    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn45E.tmp
8/9/2008 7:02:49 AM    1061275    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn45F.tmp
8/12/2008 6:54:14 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn460.tmp
8/15/2008 6:41:40 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn461.tmp
8/15/2008 6:41:40 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn462.tmp
8/13/2008 6:43:25 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn463.tmp
8/12/2008 6:54:14 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn464.tmp
8/12/2008 6:54:14 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn465.tmp
8/13/2008 6:43:25 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn466.tmp
8/17/2008 8:18:09 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn467.tmp
8/17/2008 8:18:09 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn468.tmp
8/15/2008 6:41:40 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn469.tmp
8/15/2008 6:41:40 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn46A.tmp
8/17/2008 8:18:09 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn46B.tmp
8/19/2008 7:02:58 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn46C.tmp
8/19/2008 7:02:58 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn46D.tmp
8/15/2008 6:41:40 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn46E.tmp
8/15/2008 6:41:40 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn46F.tmp
8/19/2008 7:02:58 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn470.tmp
8/20/2008 6:38:30 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn471.tmp
8/13/2008 6:43:35 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn472.tmp
8/13/2008 6:43:35 AM    215875    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn473.tmp
8/13/2008 6:43:35 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn474.tmp
8/13/2008 6:43:35 AM    176    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn475.tmp
8/13/2008 6:43:35 AM    1061275    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn476.tmp
8/17/2008 8:18:09 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn477.tmp
8/17/2008 8:18:09 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn478.tmp
8/20/2008 6:38:30 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn479.tmp
8/20/2008 6:38:30 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn47A.tmp
8/19/2008 7:02:59 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn47B.tmp
8/15/2008 6:41:46 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn47C.tmp
8/15/2008 6:41:46 AM    216081    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn47D.tmp
8/15/2008 6:41:46 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn47E.tmp
8/15/2008 6:41:46 AM    176    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn47F.tmp
8/15/2008 6:41:46 AM    1061275    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn480.tmp
8/17/2008 8:18:09 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn481.tmp
8/17/2008 8:18:09 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn482.tmp
8/19/2008 7:02:59 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn483.tmp
8/21/2008 6:38:45 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn484.tmp
8/21/2008 6:38:45 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn485.tmp
8/20/2008 6:38:30 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn486.tmp
8/20/2008 6:38:30 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn487.tmp
8/21/2008 6:38:45 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn488.tmp
8/22/2008 6:53:59 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn489.tmp
8/19/2008 7:02:59 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn48A.tmp
8/19/2008 7:02:59 AM    97    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn48B.tmp
8/19/2008 7:02:59 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn48C.tmp
8/22/2008 6:53:59 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn48D.tmp
8/20/2008 6:38:30 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn48E.tmp
8/20/2008 6:38:30 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn48F.tmp
8/19/2008 7:02:59 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn490.tmp
8/17/2008 8:18:17 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn491.tmp
8/17/2008 8:18:17 AM    216124    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn492.tmp
8/17/2008 8:18:17 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn493.tmp
8/17/2008 8:18:17 AM    176    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn494.tmp
8/17/2008 8:18:17 AM    1063047    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn495.tmp

 

-= TBC =-

14 Posts

September 2nd, 2008 19:00

-= Almost the last =-

 

 

 ====== Files and Folders under "All Users\Application Data" Last 30 Days======

8/20/2008 9:18:08 AM    27316    C:\Documents and Settings\All Users\Application Data\COMMON FILES
8/20/2008 9:18:08 AM    27316    C:\Documents and Settings\All Users\Application Data\COMMON FILES\INTUIT
8/20/2008 9:18:08 AM    27316    C:\Documents and Settings\All Users\Application Data\COMMON FILES\INTUIT\QUICKBOOKS
8/20/2008 5:49:24 PM    26822    C:\Documents and Settings\All Users\Application Data\COMMON FILES\INTUIT\QUICKBOOKS\qbupdate
8/20/2008 5:49:24 PM    26822    C:\Documents and Settings\All Users\Application Data\COMMON FILES\INTUIT\QUICKBOOKS\qbupdate\log
8/27/2008 12:21:32 PM    2434    32    C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate

 ====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}
Ipswitch.WsftpBrowserHelper

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}
Browser Address Error Redirector

====== Services ( Services that are Whitelisted are not shown) ======

 Apple Mobile Device (Apple Mobile Device) "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"  - Auto

 Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) C:\WINDOWS\system32\basfipm.exe  - Auto

 Digi RealPort Network Service (DgRpEncx) C:\WINDOWS\system32\dgrpencx.exe  - Auto

 LVSrvLauncher (LVSrvLauncher) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe  - Auto

 NICCONFIGSVC (NICCONFIGSVC) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe  - Auto

 QBCFMonitorService (QBCFMonitorService) "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe"  - Auto

 Intuit QuickBooks FCS (QBFCService) "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe"  - Manual

 Windows Defender (WinDefend) "C:\Program Files\Windows Defender\MsMpEng.exe"  - Auto

 Dell Wireless WLAN Tray Service (wltrysvc) C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe  - Auto


====== Running Processes ======

System Idle Process   [0]  
System   [4]  
csrss.exe   [1240]   C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe   [1264]   winlogon.exe
services.exe   [1308]   C:\WINDOWS\system32\services.exe
lsass.exe   [1320]   C:\WINDOWS\system32\lsass.exe
svchost.exe   [1512]   C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe   [1600]   C:\WINDOWS\system32\svchost -k rpcss
svchost.exe   [1836]   C:\WINDOWS\System32\svchost.exe -k netsvcs
Smc.exe   [1984]   "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"
svchost.exe   [124]   C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe   [240]   C:\WINDOWS\system32\svchost.exe -k LocalService
ccSvcHst.exe   [660]   "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
WLTRYSVC.EXE   [768]   C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe
BCMWLTRY.EXE   [904]   C:\WINDOWS\System32\bcmwltry.exe
spoolsv.exe   [952]   C:\WINDOWS\system32\spoolsv.exe
scardsvr.exe   [1056]   C:\WINDOWS\System32\SCardSvr.exe
AppleMobileDeviceService.exe   [1992]   "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
BAsfIpM.exe   [316]   C:\WINDOWS\system32\basfipm.exe
mDNSResponder.exe   [452]   "C:\Program Files\Bonjour\mDNSResponder.exe"
dgrpencx.exe   [520]   C:\WINDOWS\system32\dgrpencx.exe
MDM.EXE   [1584]   "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
NicConfigSvc.exe   [1656]   "C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe"
HPZipm12.exe   [1672]   C:\WINDOWS\system32\HPZipm12.exe
QBCFMonitorService.exe   [1748]   "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe"
svchost.exe   [1960]   C:\WINDOWS\system32\svchost.exe -k imgsvc
Rtvscan.exe   [2032]   "C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe"
wmiprvse.exe   [2568]   C:\WINDOWS\system32\wbem\wmiprvse.exe
alg.exe   [2660]   C:\WINDOWS\System32\alg.exe
explorer.exe   [3088]   C:\WINDOWS\Explorer.EXE
SmcGui.exe   [3048]    \\.\pipe\SygateSecurityAgentR41T81093 \\.\pipe\SygateSecurityAgentW18467T81093
ccApp.exe   [2440]   "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
jusched.exe   [3728]   "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
iTunesHelper.exe   [820]   "C:\Program Files\iTunes\iTunesHelper.exe"
igfxpers.exe   [2252]   "C:\WINDOWS\system32\igfxpers.exe"
hkcmd.exe   [1880]   "C:\WINDOWS\system32\hkcmd.exe"
hpztsb09.exe   [2960]   "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe"
hpwuSchd.exe   [3164]   "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
hpcmpmgr.exe   [900]   "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
DVDLauncher.exe   [2400]   "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
tfswctrl.exe   [3348]   "C:\WINDOWS\system32\dla\tfswctrl.exe"
igfxsrvc.exe   [2280]   C:\WINDOWS\system32\igfxsrvc.exe -Embedding
quickset.exe   [3276]   "C:\Program Files\Dell\QuickSet\quickset.exe"
WLTRAY.EXE   [2152]   "C:\WINDOWS\system32\WLTRAY.exe"
Apoint.exe   [1692]   "C:\Program Files\Apoint\Apoint.exe"
ctfmon.exe   [2544]   "C:\WINDOWS\system32\ctfmon.exe"
GoogleToolbarNotifier.exe   [3836]   "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
acrotray.exe   [1856]   "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe"
DLG.exe   [3192]   "C:\Program Files\Digital Line Detect\DLG.exe"
hpqtra08.exe   [3312]   "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
hidfind.exe   [3788]   "C:\Program Files\Apoint\HidFind.exe"
ApntEx.exe   [1780]   "Apntex.exe"
hpqimzone.exe   [3188]   "C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe" -s
iPodService.exe   [3100]   "C:\Program Files\iPod\bin\iPodService.exe"
rundll32.exe   [3872]   "C:\WINDOWS\system32\rundll32.exe" /d C:\WINDOWS\system32\shell32.dll,Control_RunDLL SYSDM.CPL
msiexec.exe   [2160]   C:\WINDOWS\system32\msiexec.exe /V
wscript.exe   [3256]   "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\lkris\Desktop\FileLister.vbe"
wmiprvse.exe   [3148]   C:\WINDOWS\system32\wbem\wmiprvse.exe

-= TBC =-

14 Posts

September 2nd, 2008 19:00

Sure thing...


+++++++++++++++++++++++++++++++++
+
+ File Lister
+
+ Version 1.0.4
+
+  By bamajim / bamajim.com
+
+++++++++++++++++++++++++++++++++


Report ran on --->>>  9/2/2008 1:18:14 PM

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"ShowLOMControl"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"


====== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======

9/2/2008 1:18:14 PM    2251    32    C:\Files.txt
8/27/2008 12:25:45 PM    2138497024    38    C:\hiberfil.sys
8/27/2008 11:42:26 AM    380175491    C:\WINDOWS\$NtServicePackUninstall$
8/27/2008 11:42:26 AM    2513337    C:\WINDOWS\$NtServicePackUninstall$\spuninst
8/27/2008 11:57:40 AM    716706    C:\WINDOWS\$NtUninstallKB946648$
8/27/2008 11:57:40 AM    621331    C:\WINDOWS\$NtUninstallKB946648$\spuninst
8/14/2008 9:58:13 PM    710419    C:\WINDOWS\$NtUninstallKB946648_0$
8/14/2008 9:58:13 PM    627475    C:\WINDOWS\$NtUninstallKB946648_0$\spuninst
8/27/2008 11:57:52 AM    836738    C:\WINDOWS\$NtUninstallKB950762$
8/27/2008 11:57:52 AM    621683    C:\WINDOWS\$NtUninstallKB950762$\spuninst
8/27/2008 11:58:02 AM    880284    C:\WINDOWS\$NtUninstallKB950974$
8/27/2008 11:58:02 AM    621581    C:\WINDOWS\$NtUninstallKB950974$\spuninst
8/14/2008 9:57:57 PM    870808    C:\WINDOWS\$NtUninstallKB950974_0$
8/14/2008 9:57:57 PM    627608    C:\WINDOWS\$NtUninstallKB950974_0$\spuninst
8/27/2008 11:58:10 AM    1325766    C:\WINDOWS\$NtUninstallKB951066$
8/27/2008 11:58:10 AM    621623    C:\WINDOWS\$NtUninstallKB951066$\spuninst
8/14/2008 9:57:02 PM    1311117    C:\WINDOWS\$NtUninstallKB951066_0$
8/14/2008 9:57:02 PM    627597    C:\WINDOWS\$NtUninstallKB951066_0$\spuninst
8/14/2008 9:57:51 PM    688854    C:\WINDOWS\$NtUninstallKB951072-v2$
8/14/2008 9:57:51 PM    628438    C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst
8/27/2008 11:58:21 AM    907474    C:\WINDOWS\$NtUninstallKB951376$
8/27/2008 11:58:21 AM    622019    C:\WINDOWS\$NtUninstallKB951376$\spuninst
8/27/2008 11:58:30 AM    906765    C:\WINDOWS\$NtUninstallKB951376-v2$
8/27/2008 11:58:30 AM    622206    C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst
8/27/2008 11:58:39 AM    1922232    C:\WINDOWS\$NtUninstallKB951698$
8/27/2008 11:58:39 AM    621609    C:\WINDOWS\$NtUninstallKB951698$\spuninst
8/27/2008 11:58:48 AM    1760343    C:\WINDOWS\$NtUninstallKB951748$
8/27/2008 11:58:48 AM    623222    C:\WINDOWS\$NtUninstallKB951748$\spuninst
8/29/2008 7:28:08 AM    2446823    C:\WINDOWS\$NtUninstallKB951978$
8/29/2008 7:28:08 AM    628199    C:\WINDOWS\$NtUninstallKB951978$\spuninst
8/27/2008 11:59:00 AM    966019    C:\WINDOWS\$NtUninstallKB952287$
8/27/2008 11:59:00 AM    621812    C:\WINDOWS\$NtUninstallKB952287$\spuninst
8/14/2008 9:57:42 PM    959494    C:\WINDOWS\$NtUninstallKB952287_0$
8/14/2008 9:57:42 PM    627718    C:\WINDOWS\$NtUninstallKB952287_0$\spuninst
8/27/2008 11:59:09 AM    707761    C:\WINDOWS\$NtUninstallKB952954$
8/27/2008 11:59:09 AM    621602    C:\WINDOWS\$NtUninstallKB952954$\spuninst
8/14/2008 9:58:19 PM    702031    C:\WINDOWS\$NtUninstallKB952954_0$
8/14/2008 9:58:19 PM    627791    C:\WINDOWS\$NtUninstallKB952954_0$\spuninst
8/14/2008 9:58:06 PM    720257    C:\WINDOWS\$NtUninstallKB953839$
8/14/2008 9:58:06 PM    626049    C:\WINDOWS\$NtUninstallKB953839$\spuninst
8/27/2008 11:51:50 AM    46127    C:\WINDOWS\l2schemas
8/27/2008 12:08:26 PM    2930088    C:\WINDOWS\Prefetch
8/27/2008 12:26:52 PM    1161    C:\WINDOWS\pss
8/27/2008 11:49:17 AM    595270300    C:\WINDOWS\ServicePackFiles
8/27/2008 11:49:17 AM    592135051    C:\WINDOWS\ServicePackFiles\i386
8/27/2008 11:51:41 AM    49218301    C:\WINDOWS\ServicePackFiles\i386\lang
8/27/2008 11:52:14 AM    3135249    C:\WINDOWS\ServicePackFiles\ServicePackCache
8/27/2008 11:52:14 AM    3135249    C:\WINDOWS\ServicePackFiles\ServicePackCache\i386
8/27/2008 10:41:04 AM    19569    32    C:\WINDOWS\003018_.tmp
8/14/2008 9:58:12 PM    213897    32    C:\WINDOWS\KB946648.log
8/14/2008 9:54:06 PM    217519    32    C:\WINDOWS\KB950974.log
8/14/2008 9:56:34 PM    205662    32    C:\WINDOWS\KB951066.log
8/14/2008 9:53:44 PM    33109    32    C:\WINDOWS\KB951072-v2.log
8/28/2008 7:49:07 AM    13851    32    C:\WINDOWS\KB951978.log
8/14/2008 9:57:41 PM    211397    32    C:\WINDOWS\KB952287.log
8/14/2008 9:54:11 PM    218060    32    C:\WINDOWS\KB952954.log
8/14/2008 9:57:14 PM    18295    32    C:\WINDOWS\KB953838-IE7.log
8/14/2008 9:58:05 PM    12792    32    C:\WINDOWS\KB953839.log
8/27/2008 12:23:06 PM    87876    32    C:\WINDOWS\ntbtlog.txt
8/27/2008 10:41:42 AM    32866    0    C:\WINDOWS\slrundll.exe
8/27/2008 12:08:49 PM    187    32    C:\WINDOWS\spupdsvc.log.1.log
8/27/2008 6:38:07 AM    576378    32    C:\WINDOWS\svcpack.log
8/21/2008 6:37:11 AM    0    32    C:\WINDOWS\VPC32.INI
8/27/2008 11:51:49 AM    409088    C:\WINDOWS\system32\bits
8/27/2008 11:51:50 AM    76288    C:\WINDOWS\system32\en
8/27/2008 11:51:50 AM    83456    C:\WINDOWS\system32\scripting
8/27/2008 10:40:53 AM    229376    0    C:\WINDOWS\system32\ati2cqag.dll
8/27/2008 10:40:53 AM    377984    0    C:\WINDOWS\system32\ati2dvaa.dll
8/27/2008 10:40:53 AM    201728    0    C:\WINDOWS\system32\ati2dvag.dll
8/27/2008 10:40:53 AM    870784    0    C:\WINDOWS\system32\ati3d1ag.dll
8/27/2008 10:40:53 AM    1888992    0    C:\WINDOWS\system32\ati3duag.dll
8/27/2008 10:40:54 AM    9728    0    C:\WINDOWS\system32\ativdaxx.ax
8/27/2008 10:40:54 AM    23040    0    C:\WINDOWS\system32\ativmvxx.ax
8/27/2008 10:40:54 AM    32768    0    C:\WINDOWS\system32\ativtmxx.dll
8/27/2008 10:40:55 AM    516768    0    C:\WINDOWS\system32\ativvaxx.dll
8/27/2008 10:40:56 AM    233472    0    C:\WINDOWS\system32\azroles.dll
8/27/2008 10:40:56 AM    7168    0    C:\WINDOWS\system32\bitsprx4.dll
8/27/2008 10:41:08 AM    9728    0    C:\WINDOWS\system32\comsdupd.exe
8/27/2008 10:40:58 AM    12800    0    C:\WINDOWS\system32\credssp.dll
8/27/2008 10:41:00 AM    48640    0    C:\WINDOWS\system32\dhcpqec.dll
8/27/2008 10:41:00 AM    19456    0    C:\WINDOWS\system32\dimsntfy.dll
8/27/2008 10:41:00 AM    39936    0    C:\WINDOWS\system32\dimsroam.dll
8/27/2008 10:41:01 AM    26112    0    C:\WINDOWS\system32\dot3api.dll
8/27/2008 10:41:01 AM    57856    0    C:\WINDOWS\system32\dot3cfg.dll
8/27/2008 10:41:01 AM    9216    0    C:\WINDOWS\system32\dot3dlg.dll
8/27/2008 10:41:01 AM    39936    0    C:\WINDOWS\system32\dot3gpclnt.dll
8/27/2008 10:41:01 AM    56320    0    C:\WINDOWS\system32\dot3msm.dll
8/27/2008 10:41:01 AM    132096    0    C:\WINDOWS\system32\dot3svc.dll
8/27/2008 10:41:01 AM    650752    0    C:\WINDOWS\system32\dot3ui.dll
8/27/2008 10:41:02 AM    30720    0    C:\WINDOWS\system32\eapolqec.dll
8/27/2008 10:41:02 AM    184832    0    C:\WINDOWS\system32\eapp3hst.dll
8/27/2008 10:41:02 AM    126976    0    C:\WINDOWS\system32\eappcfg.dll
8/27/2008 10:41:02 AM    94208    0    C:\WINDOWS\system32\eappgnui.dll
8/27/2008 10:41:02 AM    180224    0    C:\WINDOWS\system32\eapphost.dll
8/27/2008 10:41:02 AM    40960    0    C:\WINDOWS\system32\eappprxy.dll
8/27/2008 10:41:02 AM    59392    0    C:\WINDOWS\system32\eapqec.dll
8/27/2008 10:41:02 AM    33792    0    C:\WINDOWS\system32\eapsvc.dll
8/27/2008 10:41:04 AM    20992    0    C:\WINDOWS\system32\faxpatch.exe
8/27/2008 10:41:06 AM    32285    0    C:\WINDOWS\system32\hsfcisp2.dll
8/27/2008 10:41:15 AM    6144    0    C:\WINDOWS\system32\kbdbhc.dll
8/27/2008 10:41:15 AM    6144    0    C:\WINDOWS\system32\kbdiultn.dll
8/27/2008 10:41:15 AM    6144    0    C:\WINDOWS\system32\kbdnepr.dll
8/27/2008 10:41:16 AM    6144    0    C:\WINDOWS\system32\kbdpash.dll
8/27/2008 10:41:16 AM    61440    0    C:\WINDOWS\system32\kmsvc.dll
8/27/2008 10:41:16 AM    37376    0    C:\WINDOWS\system32\l2gpstore.dll
8/27/2008 10:41:23 AM    184320    0    C:\WINDOWS\system32\microsoft.managementconsole.dll
8/27/2008 10:41:23 AM    397312    0    C:\WINDOWS\system32\mmcex.dll
8/27/2008 10:41:23 AM    106496    0    C:\WINDOWS\system32\mmcfxcommon.dll
8/27/2008 10:41:23 AM    33792    0    C:\WINDOWS\system32\mmcperf.exe
8/27/2008 10:41:30 AM    155136    0    C:\WINDOWS\system32\mssha.dll
8/27/2008 10:41:30 AM    76800    0    C:\WINDOWS\system32\msshavmsg.dll
8/27/2008 10:41:31 AM    1737856    0    C:\WINDOWS\system32\mtxparhd.dll
8/27/2008 10:41:32 AM    30208    0    C:\WINDOWS\system32\napipsec.dll
8/27/2008 10:41:32 AM    193024    0    C:\WINDOWS\system32\napmontr.dll
8/27/2008 10:41:32 AM    176640    0    C:\WINDOWS\system32\napstat.exe
8/27/2008 10:41:36 AM    144384    0    C:\WINDOWS\system32\onex.dll
8/27/2008 10:41:37 AM    412160    0    C:\WINDOWS\system32\photometadatahandler.dll
8/27/2008 10:41:10 AM    974    0    C:\WINDOWS\system32\pid.inf
8/27/2008 10:41:37 AM    150528    0    C:\WINDOWS\system32\qagent.dll
8/27/2008 10:41:37 AM    291328    0    C:\WINDOWS\system32\qagentrt.dll
8/27/2008 10:41:38 AM    62464    0    C:\WINDOWS\system32\qcliprov.dll
8/27/2008 10:41:38 AM    76800    0    C:\WINDOWS\system32\qutil.dll
8/27/2008 10:41:38 AM    61952    0    C:\WINDOWS\system32\rasqec.dll
8/27/2008 10:41:10 AM    9728    0    C:\WINDOWS\system32\rwnh.dll
8/27/2008 12:31:51 PM    60800    32    C:\WINDOWS\system32\S32EVNT1.DLL
8/27/2008 10:41:40 AM    397056    0    C:\WINDOWS\system32\s3gnb.dll
8/27/2008 10:41:41 AM    32768    0    C:\WINDOWS\system32\setupn.exe
8/27/2008 10:41:42 AM    73832    0    C:\WINDOWS\system32\slcoinst.dll
8/27/2008 10:41:42 AM    286792    0    C:\WINDOWS\system32\slextspk.dll
8/27/2008 10:41:42 AM    188508    0    C:\WINDOWS\system32\slgen.dll
8/27/2008 10:41:42 AM    32866    0    C:\WINDOWS\system32\slrundll.exe
8/27/2008 10:41:42 AM    73796    0    C:\WINDOWS\system32\slserv.exe
8/27/2008 10:41:10 AM    10752    0    C:\WINDOWS\system32\smtpapi.dll
8/27/2008 10:41:44 AM    7680    32    C:\WINDOWS\system32\spdwnwxp.exe
8/27/2008 10:41:44 AM    20992    0    C:\WINDOWS\system32\spupdwxp.exe
8/27/2008 12:08:48 PM    257    32    C:\WINDOWS\system32\spupdwxp.log
8/27/2008 10:41:48 AM    50688    0    C:\WINDOWS\system32\tspkg.dll
8/27/2008 10:41:52 AM    712704    0    C:\WINDOWS\system32\windowscodecs.dll
8/27/2008 10:41:52 AM    346112    0    C:\WINDOWS\system32\windowscodecsext.dll
8/27/2008 10:41:53 AM    69120    0    C:\WINDOWS\system32\wlanapi.dll
8/27/2008 10:41:54 AM    276992    0    C:\WINDOWS\system32\wmphoto.dll

-= TBC =-

10.4K Posts

September 2nd, 2008 19:00

billseymour

It will take a couple of runs at this to fix, so please be patient.

1. Go HERE and download File Lister.
  • Save it to your Desktop.
  • Rt Click ->> Extract all ->> and extract it to your Desktop.
  • Additional help on extracting zip files can be found HERE.
  • Open the File Lister folder.
  • Rt Click FileLister.vbe ->> select Open, then Open to confirm.
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished it will produce a log for you: C:\Files.txt

Copy and paste the contents of that log in your reply.

You may have to post the results in more than one reply.

"The world is what you make of it"




14 Posts

September 2nd, 2008 19:00

-= And even more =-

8/14/2008 6:51:36 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn496.tmp
8/14/2008 6:51:36 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn497.tmp
8/14/2008 6:51:36 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn498.tmp
8/19/2008 7:03:00 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn499.tmp
8/22/2008 6:53:59 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn49A.tmp
8/21/2008 6:38:45 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn49B.tmp
8/21/2008 6:38:45 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn49C.tmp
8/14/2008 6:51:36 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn49D.tmp
8/14/2008 6:51:36 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn49E.tmp
8/26/2008 7:24:27 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn49F.tmp
8/28/2008 8:12:52 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4A0.tmp
8/21/2008 6:38:46 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4A1.tmp
8/14/2008 6:51:36 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4A2.tmp
8/14/2008 6:51:36 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4A3.tmp
8/21/2008 6:38:46 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4A4.tmp
8/22/2008 6:53:59 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4A5.tmp
8/22/2008 6:53:59 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4A6.tmp
8/28/2008 8:12:52 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4A7.tmp
8/29/2008 7:46:37 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4A8.tmp
8/19/2008 7:03:11 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4A9.tmp
8/19/2008 7:03:11 AM    216586    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4AA.tmp
8/19/2008 7:03:11 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4AB.tmp
8/19/2008 7:03:11 AM    176    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4AC.tmp
8/19/2008 7:03:11 AM    1063047    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4AD.tmp
8/29/2008 7:46:37 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4AE.tmp
8/22/2008 6:54:00 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4AF.tmp
8/22/2008 6:54:00 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4B0.tmp
8/26/2008 7:24:27 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4B1.tmp
8/26/2008 7:24:27 AM    97    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4B2.tmp
8/14/2008 6:51:49 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4B3.tmp
8/14/2008 6:51:49 AM    216011    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4B4.tmp
8/14/2008 6:51:49 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4B5.tmp
8/14/2008 6:51:49 AM    176    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4B6.tmp
8/14/2008 6:51:49 AM    1061275    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4B7.tmp
8/21/2008 6:38:54 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4B8.tmp
8/21/2008 6:38:54 AM    216651    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4B9.tmp
8/21/2008 6:38:54 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4BA.tmp
8/21/2008 6:38:54 AM    176    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4BB.tmp
8/21/2008 6:38:54 AM    1063765    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4BC.tmp
8/26/2008 7:24:27 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4BD.tmp
8/30/2008 7:58:08 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4BE.tmp
8/28/2008 8:12:52 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4BF.tmp
8/28/2008 8:12:52 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4C0.tmp
8/29/2008 7:46:37 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4C2.tmp
8/26/2008 7:24:27 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4C3.tmp
8/26/2008 7:24:27 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4C4.tmp
8/29/2008 7:46:37 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4C5.tmp
8/30/2008 7:58:08 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4C7.tmp
8/28/2008 8:12:52 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4C8.tmp
8/28/2008 8:12:52 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4C9.tmp
8/26/2008 7:24:28 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4CA.tmp
8/26/2008 7:24:28 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4CB.tmp
8/26/2008 7:24:28 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4CC.tmp
8/28/2008 8:12:52 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4CD.tmp
8/30/2008 7:58:08 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4CE.tmp
8/29/2008 7:46:37 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4D0.tmp
8/29/2008 7:46:37 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4D1.tmp
8/29/2008 7:46:37 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4D2.tmp
8/28/2008 8:12:52 AM    4578    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4D3.tmp
8/28/2008 8:12:52 AM    175    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4D4.tmp
8/28/2008 8:12:52 AM    1232    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4D5.tmp
8/30/2008 7:58:08 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4D9.tmp
8/30/2008 7:58:08 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4DA.tmp
8/30/2008 7:58:08 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4DB.tmp
8/29/2008 7:46:45 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4DD.tmp
8/29/2008 7:46:45 AM    217163    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4DE.tmp
8/29/2008 7:46:45 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4DF.tmp
8/29/2008 7:46:45 AM    176    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4E0.tmp
8/29/2008 7:46:45 AM    1068885    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4E1.tmp
8/30/2008 7:58:15 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4EA.tmp
8/30/2008 7:58:15 AM    217171    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4EB.tmp
8/30/2008 7:58:15 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4EC.tmp
8/30/2008 7:58:15 AM    176    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4ED.tmp
8/30/2008 7:58:15 AM    1068885    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn4EE.tmp
8/23/2008 6:27:27 AM    149    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn82B.tmp
8/23/2008 6:27:27 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn82C.tmp
8/23/2008 6:27:27 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn830.tmp
8/23/2008 6:27:27 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn831.tmp
8/23/2008 6:27:27 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn837.tmp
8/23/2008 6:27:27 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn838.tmp
8/23/2008 6:27:27 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn839.tmp
8/23/2008 6:27:41 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn87E.tmp
8/23/2008 6:27:41 AM    216713    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn87F.tmp
8/23/2008 6:27:41 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn880.tmp
8/23/2008 6:27:41 AM    176    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn881.tmp
8/23/2008 6:27:41 AM    1065157    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn882.tmp
8/10/2008 5:45:50 PM    1783340    32    C:\Documents and Settings\lkris\Local Settings\Temp\scw1208.tmp
8/27/2008 10:17:44 AM    5580554    32    C:\Documents and Settings\lkris\Local Settings\Temp\SEP_INST.LOG
8/27/2008 10:22:14 AM    4659    32    C:\Documents and Settings\lkris\Local Settings\Temp\SNDunin.log
8/27/2008 12:21:27 PM    1262    32    C:\Documents and Settings\lkris\Local Settings\Temp\srtUnin.log
8/27/2008 10:23:53 AM    73373    32    C:\Documents and Settings\lkris\Local Settings\Temp\SYMEVENT.LOG
9/2/2008 11:54:46 AM    16384    32    C:\Documents and Settings\lkris\Local Settings\Temp\~DF2C1E.tmp
8/31/2008 8:09:00 AM    16384    32    C:\Documents and Settings\lkris\Local Settings\Temp\~DF9ECB.tmp

 

-= TBC =-

14 Posts

September 2nd, 2008 19:00

-= This one should do it =-

====== Uninstall List From Registry ======

Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX
Dell Wireless WLAN Card
Conexant D110 MDC V.92 Modem
Digi Device Discovery
HijackThis 2.0.2
HP Document Viewer 5.3
HP Imaging Device Functions 5.3
HP Image Zone 5.3
HP Solution Center & Imaging Support Tools 5.3
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Broadcom ASF Management Applications
Broadcom Advanced Control Suite 2
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Security Update for Step By Step Interactive Training (KB898458)
Microsoft Base Smart Card Cryptographic Service Provider Package
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Internet Explorer 7 (KB928090)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Internet Explorer 7 (KB938127)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941569)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Logitech Legacy USB Camera Driver Package
LiveUpdate 3.3 (Symantec Corporation)
Logitech QuickCam Driver Package
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
MSN
Microsoft National Language Support Downlevel APIs
SHARP AR-C170 Series PCL5c Printer Driver
Macromedia Flash Player 8
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Windows Media Format 11 runtime
Windows Media Player 11
Workstation Security Banner Service
Ipswitch WS_FTP Pro
Microsoft User-Mode Driver Framework Feature Pack 1.0
Apple Software Update
PhotoGallery
CP_Package_Variety1
QuickTime
Destinations
Sonic Update Manager
MSXML 6.0 Parser (KB933579)
WD Diagnostics
AiO_Scan
Sonic DLA
hp deskjet 5100
HP Software Update
DocumentViewer
AutoUpdate
1400_Help
CP_Package_Variety3
Google Earth
Internal Network Card Power Management
Sonic_PrimoSDK
Google Toolbar for Internet Explorer
CP_Panorama1Config
Broadcom ASF Management Applications
1400
Unload
Google Toolbar for Firefox
TrayApp
InstantShareDevices
WebFldrs XP
MVision
Apple Mobile Device Support
CP_CalendarTemplates1
MSXML 4.0 SP2 (KB927978)
Quicken 2008
URL Assistant
NetWaiting
Bonjour
FullDPAppQFolder
GdiplusUpgrade
NewCopy
RandMap
WebReg
CP_Package_Basic1
SupportSoft Assisted Service
HP PSC & OfficeJet 5.3.B
DeviceFunctionQFolder
Broadcom Advanced Control Suite 2
SkinsHP1
eSupportQFolder
PowerDVD 5.1
DocProc
Java 2 Runtime Environment, SE v1.4.2_03
MSXML 4.0 SP2 Parser and SDK
Symantec Endpoint Protection
AiOSoftware
DivX
DocumentViewerQFolder
ProductContext
CP_AtenaShokunin1Config
Modem Helper
Intel(R) Graphics Media Accelerator Driver for Mobile
DivX Player
QuickBooks Premier Edition 2008
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Professional Edition 2003
Readme
Sonic RecordNow! Plus
SHU Client Install Package
Radioshack USB-to-Serial cable
ALPS Touch Pad Driver
Windows Defender
ScannerCopy
CueTour
DeviceManagementQFolder
Adobe Acrobat and Reader 6.0.6 Update
Adobe Acrobat 6.0.1 Standard
Adobe Reader 8.1.1
Adobe Reader 8.1.2
DivX Converter
PanoStandAlone
Microsoft .NET Framework 2.0 Service Pack 1
DivX Web Player
CP_Package_Variety2
BufferChm
Microsoft Office Outlook 2003 with Business Contact Manager Update
Logitech Audio Echo Cancellation Component
MSXML 4.0 SP2 (KB936181)
Scan
QuickSet
1400Trb
Microsoft Outlook Personal Folders Backup
Safari
Microsoft .NET Framework 1.1
Fax
AnswerWorks 5.0 English Runtime
Search Assist
HPProductAssistant
Digital Line Detect
SolutionCenter
Logitech Video Enumerator
iTunes
Status

======== Other Info ========

TOTAL PHYSICAL RAM: 2138 MB

14 Posts

September 2nd, 2008 19:00

-= Continuation =-

====== Files under "\Administrator\Startup" Last 30 Days======


====== Files under "\All Users\Startup" Last 30 Days======

8/27/2008 2:07:02 PM    1824    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
8/27/2008 2:07:02 PM    493    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
8/27/2008 2:07:02 PM    1808    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
8/27/2008 2:07:02 PM    798    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
8/27/2008 2:07:02 PM    2109    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

====== Folders under "\Program Files" Last 30 Days======

9/2/2008 11:20:20 AM    409025    C:\Program Files\Trend Micro
9/2/2008 11:20:20 AM    409025    C:\Program Files\Trend Micro\HijackThis
8/21/2008 9:20:11 AM    4797090    C:\Program Files\Windows Defender

====== Files under "\System32\Drivers" Last 30 Days======

8/27/2008 10:40:49 AM    4255    0    C:\WINDOWS\system32\drivers\adv01nt5.dll
8/27/2008 10:40:49 AM    3967    0    C:\WINDOWS\system32\drivers\adv02nt5.dll
8/27/2008 10:40:49 AM    3615    0    C:\WINDOWS\system32\drivers\adv05nt5.dll
8/27/2008 10:40:49 AM    3647    0    C:\WINDOWS\system32\drivers\adv07nt5.dll
8/27/2008 10:40:49 AM    3135    0    C:\WINDOWS\system32\drivers\adv08nt5.dll
8/27/2008 10:40:49 AM    3711    0    C:\WINDOWS\system32\drivers\adv09nt5.dll
8/27/2008 10:40:49 AM    3775    0    C:\WINDOWS\system32\drivers\adv11nt5.dll
8/27/2008 10:40:52 AM    56623    0    C:\WINDOWS\system32\drivers\ati1btxx.sys
8/27/2008 10:40:52 AM    11615    0    C:\WINDOWS\system32\drivers\ati1mdxx.sys
8/27/2008 10:40:52 AM    12047    0    C:\WINDOWS\system32\drivers\ati1pdxx.sys
8/27/2008 10:40:52 AM    30671    0    C:\WINDOWS\system32\drivers\ati1raxx.sys
8/27/2008 10:40:52 AM    63663    0    C:\WINDOWS\system32\drivers\ati1rvxx.sys
8/27/2008 10:40:52 AM    26367    0    C:\WINDOWS\system32\drivers\ati1snxx.sys
8/27/2008 10:40:52 AM    21343    0    C:\WINDOWS\system32\drivers\ati1ttxx.sys
8/27/2008 10:40:52 AM    36463    0    C:\WINDOWS\system32\drivers\ati1tuxx.sys
8/27/2008 10:40:53 AM    29455    0    C:\WINDOWS\system32\drivers\ati1xbxx.sys
8/27/2008 10:40:53 AM    34735    0    C:\WINDOWS\system32\drivers\ati1xsxx.sys
8/27/2008 10:40:53 AM    327040    0    C:\WINDOWS\system32\drivers\ati2mtaa.sys
8/27/2008 10:40:53 AM    701440    0    C:\WINDOWS\system32\drivers\ati2mtag.sys
8/27/2008 10:40:54 AM    57856    0    C:\WINDOWS\system32\drivers\atinbtxx.sys
8/27/2008 10:40:54 AM    13824    0    C:\WINDOWS\system32\drivers\atinmdxx.sys
8/27/2008 10:40:54 AM    14336    0    C:\WINDOWS\system32\drivers\atinpdxx.sys
8/27/2008 10:40:54 AM    52224    0    C:\WINDOWS\system32\drivers\atinraxx.sys
8/27/2008 10:40:54 AM    104960    0    C:\WINDOWS\system32\drivers\atinrvxx.sys
8/27/2008 10:40:54 AM    28672    0    C:\WINDOWS\system32\drivers\atinsnxx.sys
8/27/2008 10:40:54 AM    13824    0    C:\WINDOWS\system32\drivers\atinttxx.sys
8/27/2008 10:40:54 AM    73216    0    C:\WINDOWS\system32\drivers\atintuxx.sys
8/27/2008 10:40:54 AM    31744    0    C:\WINDOWS\system32\drivers\atinxbxx.sys
8/27/2008 10:40:54 AM    63488    0    C:\WINDOWS\system32\drivers\atinxsxx.sys
8/27/2008 10:40:54 AM    64352    0    C:\WINDOWS\system32\drivers\ativmc20.cod
8/27/2008 10:40:55 AM    21183    0    C:\WINDOWS\system32\drivers\atv01nt5.dll
8/27/2008 10:40:55 AM    11359    0    C:\WINDOWS\system32\drivers\atv02nt5.dll
8/27/2008 10:40:55 AM    25471    0    C:\WINDOWS\system32\drivers\atv04nt5.dll
8/27/2008 10:40:55 AM    14143    0    C:\WINDOWS\system32\drivers\atv06nt5.dll
8/27/2008 10:40:55 AM    17279    0    C:\WINDOWS\system32\drivers\atv10nt5.dll
8/27/2008 10:40:56 AM    17024    0    C:\WINDOWS\system32\drivers\bthenum.sys
8/27/2008 10:40:56 AM    37888    0    C:\WINDOWS\system32\drivers\bthmodem.sys
8/27/2008 10:40:56 AM    101120    0    C:\WINDOWS\system32\drivers\bthpan.sys
8/27/2008 10:40:56 AM    36480    0    C:\WINDOWS\system32\drivers\bthprint.sys
8/27/2008 10:40:56 AM    18944    0    C:\WINDOWS\system32\drivers\bthusb.sys
8/27/2008 10:40:57 AM    15423    0    C:\WINDOWS\system32\drivers\ch7xxnt5.dll
8/27/2008 10:40:59 AM    129045    0    C:\WINDOWS\system32\drivers\cxthsfs2.cty
8/27/2008 10:41:05 AM    46464    0    C:\WINDOWS\system32\drivers\gagp30kx.sys
8/27/2008 10:41:05 AM    144384    0    C:\WINDOWS\system32\drivers\hdaudbus.sys
8/27/2008 10:41:06 AM    25600    0    C:\WINDOWS\system32\drivers\hidbth.sys
8/27/2008 10:41:06 AM    19200    0    C:\WINDOWS\system32\drivers\hidir.sys
8/27/2008 10:41:06 AM    220032    0    C:\WINDOWS\system32\drivers\hsfbs2s2.sys
8/27/2008 10:41:06 AM    685056    0    C:\WINDOWS\system32\drivers\hsfcxts2.sys
8/27/2008 10:41:06 AM    1041536    0    C:\WINDOWS\system32\drivers\hsfdpsp2.sys
8/27/2008 10:41:08 AM    46592    0    C:\WINDOWS\system32\drivers\irbus.sys
8/27/2008 10:41:31 AM    126686    0    C:\WINDOWS\system32\drivers\mtlmnt5.sys
8/27/2008 10:41:31 AM    1309184    0    C:\WINDOWS\system32\drivers\mtlstrm.sys
8/27/2008 10:41:31 AM    452736    0    C:\WINDOWS\system32\drivers\mtxparhm.sys
8/27/2008 10:41:31 AM    12672    0    C:\WINDOWS\system32\drivers\mutohpen.sys
8/27/2008 10:41:33 AM    67866    0    C:\WINDOWS\system32\drivers\netwlan5.img
8/27/2008 10:41:34 AM    180360    0    C:\WINDOWS\system32\drivers\ntmtlfax.sys
8/27/2008 10:41:39 AM    13776    0    C:\WINDOWS\system32\drivers\recagent.sys
8/27/2008 10:41:39 AM    59136    0    C:\WINDOWS\system32\drivers\rfcomm.sys
8/27/2008 10:41:39 AM    30592    0    C:\WINDOWS\system32\drivers\rndismpx.sys
8/27/2008 10:41:40 AM    166912    0    C:\WINDOWS\system32\drivers\s3gnbm.sys
8/27/2008 10:41:41 AM    10240    0    C:\WINDOWS\system32\drivers\sffp_mmc.sys
8/27/2008 10:41:42 AM    3901    0    C:\WINDOWS\system32\drivers\siint5.dll
8/27/2008 10:41:42 AM    129535    0    C:\WINDOWS\system32\drivers\slnt7554.sys
8/27/2008 10:41:42 AM    404990    0    C:\WINDOWS\system32\drivers\slntamr.sys
8/27/2008 10:41:42 AM    95424    0    C:\WINDOWS\system32\drivers\slnthal.sys
8/27/2008 10:41:42 AM    13240    0    C:\WINDOWS\system32\drivers\slwdmsup.sys
8/27/2008 10:41:42 AM    5888    0    C:\WINDOWS\system32\drivers\smbali.sys
8/27/2008 12:31:51 PM    10563    32    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
8/27/2008 12:31:51 PM    805    32    C:\WINDOWS\system32\drivers\SYMEVENT.INF
8/27/2008 12:31:51 PM    123952    32    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
8/27/2008 12:32:36 PM    91520    32    C:\WINDOWS\system32\drivers\SysPlant.sys
8/27/2008 10:41:48 AM    44672    0    C:\WINDOWS\system32\drivers\uagp35.sys
8/27/2008 10:41:50 AM    12800    0    C:\WINDOWS\system32\drivers\usb8023x.sys
8/27/2008 10:41:50 AM    121984    0    C:\WINDOWS\system32\drivers\usbvideo.sys
8/27/2008 10:41:50 AM    11325    0    C:\WINDOWS\system32\drivers\vchnt5.dll
8/27/2008 10:41:51 AM    14208    0    C:\WINDOWS\system32\drivers\wacompen.sys
8/27/2008 10:41:51 AM    11807    0    C:\WINDOWS\system32\drivers\wadv07nt.sys
8/27/2008 10:41:51 AM    11295    0    C:\WINDOWS\system32\drivers\wadv08nt.sys
8/27/2008 10:41:51 AM    11871    0    C:\WINDOWS\system32\drivers\wadv09nt.sys
8/27/2008 10:41:51 AM    11935    0    C:\WINDOWS\system32\drivers\wadv11nt.sys
8/27/2008 10:41:51 AM    22271    0    C:\WINDOWS\system32\drivers\watv06nt.sys
8/27/2008 10:41:51 AM    25471    0    C:\WINDOWS\system32\drivers\watv10nt.sys

====== Files under "\User\Local Settings\Temp" Last 30 Days======

8/26/2008 6:08:12 PM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\.tt15.tmp
8/26/2008 6:08:12 PM    1002    32    C:\Documents and Settings\lkris\Local Settings\Temp\.tt15.tmp.vbs
8/26/2008 7:15:34 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\.tt16.tmp
8/26/2008 7:15:34 AM    1002    32    C:\Documents and Settings\lkris\Local Settings\Temp\.tt16.tmp.vbs
8/27/2008 9:47:28 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\.tt18.tmp
8/27/2008 9:47:28 AM    1002    32    C:\Documents and Settings\lkris\Local Settings\Temp\.tt18.tmp.vbs
8/27/2008 6:34:05 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\.tt27.tmp
8/27/2008 6:34:05 AM    1002    32    C:\Documents and Settings\lkris\Local Settings\Temp\.tt27.tmp.vbs
8/26/2008 7:46:02 AM    1612772    32    C:\Documents and Settings\lkris\Local Settings\Temp\.tt4DD.tmp
8/26/2008 7:46:02 AM    1612772    32    C:\Documents and Settings\lkris\Local Settings\Temp\.tt4DD.tmp.exe
8/26/2008 7:56:03 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\.tt4E4.tmp
8/26/2008 8:06:04 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\.tt4E6.tmp
8/26/2008 8:16:06 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\.tt4E8.tmp
8/26/2008 8:26:08 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\.tt4EA.tmp
8/26/2008 6:00:48 PM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\.ttF.tmp
8/26/2008 6:00:48 PM    1002    32    C:\Documents and Settings\lkris\Local Settings\Temp\.ttF.tmp.vbs
8/14/2008 7:02:08 AM    36302    32    C:\Documents and Settings\lkris\Local Settings\Temp\1f67_appcompat.txt
8/21/2008 1:22:32 PM    36302    32    C:\Documents and Settings\lkris\Local Settings\Temp\3faa_appcompat.txt
8/21/2008 6:43:47 AM    36302    32    C:\Documents and Settings\lkris\Local Settings\Temp\67ff_appcompat.txt
8/14/2008 9:56:05 PM    36302    32    C:\Documents and Settings\lkris\Local Settings\Temp\6ec1_appcompat.txt
8/20/2008 8:22:41 PM    36302    32    C:\Documents and Settings\lkris\Local Settings\Temp\87e2_appcompat.txt
8/17/2008 8:40:44 PM    36302    32    C:\Documents and Settings\lkris\Local Settings\Temp\972f_appcompat.txt
8/15/2008 8:55:53 AM    36302    32    C:\Documents and Settings\lkris\Local Settings\Temp\a4d3_appcompat.txt
8/20/2008 6:46:52 AM    36302    32    C:\Documents and Settings\lkris\Local Settings\Temp\c771_appcompat.txt
8/17/2008 8:19:12 AM    36302    32    C:\Documents and Settings\lkris\Local Settings\Temp\cee5_appcompat.txt
8/19/2008 7:05:14 AM    36302    32    C:\Documents and Settings\lkris\Local Settings\Temp\e1ee_appcompat.txt
8/16/2008 7:56:48 PM    36302    32    C:\Documents and Settings\lkris\Local Settings\Temp\ed7d_appcompat.txt
8/27/2008 11:37:58 AM    596    32    C:\Documents and Settings\lkris\Local Settings\Temp\hpzcoi00.log
8/27/2008 11:38:10 AM    596    32    C:\Documents and Settings\lkris\Local Settings\Temp\hpzcoi01.log
8/27/2008 11:38:10 AM    596    32    C:\Documents and Settings\lkris\Local Settings\Temp\hpzcoi02.log
8/26/2008 6:08:05 PM    533    32    C:\Documents and Settings\lkris\Local Settings\Temp\pcf13.tmp
8/27/2008 12:26:47 PM    533    32    C:\Documents and Settings\lkris\Local Settings\Temp\pcf16.tmp
8/30/2008 9:26:53 AM    533    32    C:\Documents and Settings\lkris\Local Settings\Temp\pcf17.tmp
8/27/2008 2:17:52 PM    533    32    C:\Documents and Settings\lkris\Local Settings\Temp\pcf2.tmp
8/9/2008 9:42:14 AM    533    32    C:\Documents and Settings\lkris\Local Settings\Temp\pcf3.tmp
8/31/2008 8:08:40 AM    533    32    C:\Documents and Settings\lkris\Local Settings\Temp\pcf5.tmp
8/26/2008 6:00:31 PM    533    32    C:\Documents and Settings\lkris\Local Settings\Temp\pcf6.tmp
8/8/2008 6:57:02 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn3C4.tmp
8/5/2008 6:36:54 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn3C7.tmp
8/5/2008 6:36:54 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn3E6.tmp
8/5/2008 6:36:54 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn3E7.tmp
8/7/2008 6:42:15 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn3F3.tmp
8/6/2008 6:04:02 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn3F6.tmp
8/5/2008 6:36:54 AM    156    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn3FB.tmp
8/5/2008 6:36:54 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn3FC.tmp
8/6/2008 6:04:02 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn402.tmp
8/6/2008 6:04:02 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn40D.tmp
8/7/2008 6:42:15 AM    153    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn40E.tmp
8/5/2008 6:36:57 AM    0    32    C:\Documents and Settings\lkris\Local Settings\Temp\qfn416.tmp

 

-= TBC =-

14 Posts

September 2nd, 2008 20:00

Looks like the oembios entry comes back again...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:26 PM, on 9/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dgrpencx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\oembios.exe,
O1 - Hosts: 69.25.74.37 MAIL007 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.197 BE057 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.197 BE057.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.251 MAIL091.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.251 MAIL091 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.245 MAIL005 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.245 MAIL005.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 64.95.72.204 BE034 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 64.95.72.204 BE034.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.242 MAIL092 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.242 MAIL092.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.243 MAIL093 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.243 MAIL093.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 66.150.196.21 MAIL021 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 66.150.196.21 MAIL021.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 66.150.196.22 MAIL022 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 66.150.196.22 MAIL022.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 66.150.196.23 MAIL023 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 66.150.196.23 MAIL023.mail.lan #Exchange Hosting 02/06/08 10:24:41
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gsslinc.local
O17 - HKLM\Software\..\Telephony: DomainName = gsslinc.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gsslinc.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gsslinc.local
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Digi RealPort Network Service (DgRpEncx) - Digi International Inc. - C:\WINDOWS\system32\dgrpencx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12767 bytes
 

10.4K Posts

September 2nd, 2008 20:00

billseymour

1. *NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.


  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced." Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.

2. Rerun Hijackthis (scan only) and place checks beside the following entry
  • F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,

Close all other open windows except Hijackthis and select "Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

"The world is what you make of it"




10.4K Posts

September 2nd, 2008 23:00

billseymour

No worries. Step 2

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If an update is found, it will download and install the latest version.
    Once the program has loaded, select "Perform Quick Scan", then click Scan.
    The scan may take some time to finish, so please be patient.
    When the scan is complete, click OK, then Show Results to view the results.
    Make sure that everything is checked, and click Remove Selected.
    When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

"The world is what you make of it"




14 Posts

September 4th, 2008 16:00

Sorry for the slow response, I was OOP yesterday.

 

Here's the logfile.

 

Malwarebytes' Anti-Malware 1.26
Database version: 1112
Windows 5.1.2600 Service Pack 3

9/4/2008 10:08:36 AM
mbam-log-2008-09-04 (10-08-35).txt

Scan type: Quick Scan
Objects scanned: 79115
Time elapsed: 27 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\sysproc64 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\sysproc64\sysproc32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysproc64\sysproc32.sys.cla (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysproc64\sysproc86.sys (Trojan.Agent) -> Quarantined and deleted successfully.
 

10.4K Posts

September 5th, 2008 12:00

billseymour

Rerun Hijackthis and post a fresh Hijackthis log

"The world is what you make of it"




14 Posts

September 6th, 2008 23:00

I'm out of the office until Wednesday or Thursday, I'll run another HijackThis when I get back in... A second run through mbam with the full scan option came out clean though, so it's likely clean now.

 

Bill

14 Posts

September 12th, 2008 15:00

And here's what should be the last of it... The new HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:24 AM, on 9/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dgrpencx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 69.25.74.37 MAIL007 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.197 BE057 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.197 BE057.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.251 MAIL091.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.251 MAIL091 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.245 MAIL005 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.245 MAIL005.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 64.95.72.204 BE034 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 64.95.72.204 BE034.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.242 MAIL092 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.242 MAIL092.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.243 MAIL093 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 69.25.75.243 MAIL093.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 66.150.196.21 MAIL021 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 66.150.196.21 MAIL021.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 66.150.196.22 MAIL022 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 66.150.196.22 MAIL022.mail.lan #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 66.150.196.23 MAIL023 #Exchange Hosting 02/06/08 10:24:41
O1 - Hosts: 66.150.196.23 MAIL023.mail.lan #Exchange Hosting 02/06/08 10:24:41
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gsslinc.local
O17 - HKLM\Software\..\Telephony: DomainName = gsslinc.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gsslinc.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gsslinc.local
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Digi RealPort Network Service (DgRpEncx) - Digi International Inc. - C:\WINDOWS\system32\dgrpencx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12691 bytes

10.4K Posts

September 15th, 2008 11:00

billseymour

Just a little clean up

1. Rerun Hijackthis (scan only) and place checks beside the following entries
  • O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

Close all other open windows except Hijackthis and select "Fix checked"

Close Hijackthis ->> Reboot your PC

You may now remove/delete/uninstall the tools we used to clean your PC

Now that your log is clean

There are some final notes:

  • Let's create a clean System Restore point
    the instructions are here

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of
    Java Runtime Environment (JRE) 6.u7.
    Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    Click the "Download" button to the right.
    Check the box that says: "Accept License Agreement".
    The page will refresh.
    Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    Close any programs you may have running - especially your web browser.
    Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    Click the Remove or Change/Remove button.
    Repeat as many times as necessary to remove each Java version.
    Reboot your computer once all Java components are removed.
    Then from your desktop double-click on jre-6u7-windowsi586-p.exe to install the newest version.

Update your Anti Virus Software

Use and maintain a Firewall

Visit Microsoft's Windows Update Site Frequently for critical updates

Backup your Important Documents and Files on a regular basis
  • To a disc or a USB key, not your hard drive

You may want to read this article, "So how did I get infected in the first place" by Tony Klein

surf safe

"The world is what you make of it"
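
Added example, not part of the thread: a small Python triage pass over HijackThis log text that flags the two kinds of entry the helper selected for fixing above, an F2 UserInit value with a program chained after userinit.exe and an entry whose target is marked "(file missing)". The function names, the sample text and the expected Userinit path (a default C:\WINDOWS install) are assumptions made for this illustration.

```python
import re

# Constructed sample: the two entries named in the replies above plus two
# ordinary lines in the same format, so the script runs offline.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# HijackThis entries start with a group code such as R1, F2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption: Windows is installed in C:\WINDOWS, as in the logs on this page.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_entries(log_text):
    """Return (group, body) tuples for every entry line in the log text."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def userinit_extras(body):
    """Return the programs listed in a UserInit value other than userinit.exe.

    The value is a comma-separated list that Winlogon starts at logon, so
    anything beyond userinit.exe itself deserves a look.
    """
    match = re.search(r"userinit\s*=(.*)$", body, re.IGNORECASE)
    if not match:
        return []
    programs = [p.strip().strip('"') for p in match.group(1).split(",")]
    return [p for p in programs if p and p.lower() != EXPECTED_USERINIT]


def review(log_text):
    """Return (group, reason, details) for entries worth a manual check."""
    findings = []
    for group, body in parse_entries(log_text):
        if group == "F2":
            extras = userinit_extras(body)
            if extras:
                findings.append((group, "extra program chained to Userinit", extras))
        if body.rstrip().endswith("(file missing)"):
            findings.append((group, "registration points at a missing file", [body]))
    return findings


if __name__ == "__main__":
    for group, reason, details in review(SAMPLE_LOG):
        print(f"{group}: {reason}")
        for item in details:
            print(f"    {item}")
```

A finding here is a prompt for manual review, not a verdict; the decision to fix an entry stays with whoever is reading the log.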



