28 Posts
0
1977
July 9th, 2008 15:00
Paypal hacked
My PayPal and email address were both hacked. I'm afraid I might have a keylogger. Please help me delete all viruses and whatnot.
This is my computer, I have full authorization.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:45 PM, on 7/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\BYOND\bin\byond.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sharewareisland.com/linktrack.aspx?linktrackid=4205
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ML1HelperStartUp] C:\PROGRA~1\MIDNIG~1\ML1HEL~1.EXE /partner ML1
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\LongLifePC\bm.exe" dm=http://longlifepc.com; ad=http://longlifepc.com
O4 - HKLM\..\Run: [rtasks] C:\Program Files\LongLifePC\rtasks.exe
O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [iseeyou] C:\Program Files\BPK\iseeyou.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163107623687
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} (LaunchUBO.Ulit) - http://www.ultimatebaseballonline.com/myubo/launchubo.OCX
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B56FF813-9B72-439D-BFF3-E722EBAECA8E} (CDISCoverOS Object) - http://rockford.discoverconsole.com/onlinespotlight/OnSpotDiscover.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.18.38/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe (file missing)
--
End of file - 13271 bytes


bamajim
10.4K Posts
0
July 9th, 2008 18:00
1. Go HERE and download File Lister.
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you: C:\Files.txt
Copy and paste the contents of that log in your reply.
You may have to post the results in more than one reply
"The world is what you make of it"
Deathflash
28 Posts
0
July 9th, 2008 19:00
=== Files under "\User\Local Settings\Temp" Last 30 Days======
7/5/2008 11:34:14 PM 1205658 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\28C53F8.dmp
7/5/2008 11:34:10 PM 46114 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\538d_appcompat.txt
7/6/2008 6:57:27 PM 25124 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AAX1C.tmp
7/5/2008 10:48:33 PM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIM10A.tmp.arf
7/8/2008 1:34:31 PM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIM125.tmp.arf
7/6/2008 5:40:50 PM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIM17.tmp.arf
7/6/2008 6:53:43 PM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIM1A.tmp.arf
7/8/2008 5:40:21 PM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIM1BA.tmp.arf
7/6/2008 8:58:51 PM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIM1E.tmp.arf
7/8/2008 7:38:56 PM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIM237.tmp.arf
7/6/2008 11:56:21 PM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIM4A.tmp.arf
7/4/2008 10:04:14 PM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIM57D.tmp.arf
7/5/2008 12:24:42 AM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIM5BB.tmp.arf
7/2/2008 5:40:29 PM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIM5D.tmp.arf
7/2/2008 7:49:38 PM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIM86.tmp.arf
7/5/2008 12:32:01 PM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIMD.tmp.arf
7/6/2008 10:40:22 PM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIME.tmp.arf
7/8/2008 12:44:00 PM 28062 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\AIMF7.tmp.arf
7/2/2008 5:41:06 PM 263168 0 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\binkw32.dll
7/5/2008 11:36:03 PM 23868 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\BNe13E.tmp
7/4/2008 9:18:00 PM 2840 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\BNe54C.tmp
7/7/2008 11:43:56 PM 16244 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\BNeEC.tmp
7/7/2008 8:43:51 PM 12818 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\control.xml
7/2/2008 5:41:06 PM 352256 0 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\d2l_Install.exe
7/2/2008 7:02:46 PM 331776 0 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\d2l_PlayD2.exe
7/6/2008 12:33:42 PM 47122 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\DIO10.tmp
7/3/2008 8:59:07 PM 47122 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\DIO166.tmp
7/6/2008 10:37:34 PM 47122 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\DIO2D.tmp
7/5/2008 11:43:23 AM 47122 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\DIO4.tmp
7/2/2008 5:37:43 PM 47122 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\DIO57.tmp
7/2/2008 5:38:03 PM 47122 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\DIO5B.tmp
7/7/2008 2:59:21 PM 47122 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\DIO5D.tmp
7/5/2008 11:44:32 AM 47122 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\DIO6.tmp
7/5/2008 7:05:45 PM 47122 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\DIO65.tmp
7/5/2008 11:39:28 PM 47122 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\DIO7.tmp
7/6/2008 10:39:17 PM 47122 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\DIO8.tmp
7/5/2008 11:39:47 PM 47122 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\DIO9.tmp
7/6/2008 10:39:32 PM 47122 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\DIOC.tmp
7/2/2008 5:37:43 PM 1188 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\hpqddusr.log
7/6/2008 11:19:03 PM 1994 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\IMT27.xml
7/6/2008 11:19:03 PM 426 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\IMT28.xml
7/6/2008 11:19:03 PM 707348 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\IMT29.xml
7/6/2008 11:19:08 PM 1994 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\IMT2A.xml
7/6/2008 11:19:08 PM 426 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\IMT2B.xml
7/6/2008 11:19:08 PM 707348 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\IMT2C.xml
7/6/2008 11:19:13 PM 1994 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\IMT2D.xml
7/6/2008 11:19:13 PM 426 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\IMT2E.xml
7/6/2008 11:19:13 PM 707348 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\IMT2F.xml
7/8/2008 5:44:46 PM 737280 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\irsetup.exe
7/5/2008 4:06:18 PM 208 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\java_install_reg.log
7/2/2008 5:42:21 PM 684 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\jusched.log
7/5/2008 11:43:20 AM 1342 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\MAR2.tmp
7/5/2008 11:43:21 AM 1285 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\MAR3.tmp
7/5/2008 11:39:27 PM 1342 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\MAR4.tmp
7/5/2008 11:39:27 PM 1285 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\MAR5.tmp
7/2/2008 5:37:42 PM 1342 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\MAR55.tmp
7/2/2008 5:37:42 PM 1285 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\MAR56.tmp
7/6/2008 10:39:14 PM 1342 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\MAR6.tmp
7/6/2008 10:39:15 PM 1285 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\MAR7.tmp
7/3/2008 8:59:08 PM 205 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\STS168.tmp
7/6/2008 10:37:36 PM 205 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\STS2E.tmp
7/5/2008 7:12:44 PM 205 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\STS72.tmp
7/6/2008 10:39:43 PM 205 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\STSD.tmp
7/2/2008 5:37:39 PM 1233 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\TWAIN.LOG
7/2/2008 5:37:39 PM 4 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\Twain001.Mtx
7/2/2008 5:37:39 PM 156 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\Twunk001.MTX
7/2/2008 5:37:39 PM 0 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\Twunk002.MTX
7/6/2008 11:20:57 PM 181 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\wecerr.txt
7/6/2008 10:39:37 PM 32768 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DF1FF4.tmp
7/6/2008 11:10:56 PM 16384 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DF3041.tmp
7/5/2008 11:45:07 AM 49152 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DF59E2.tmp
7/2/2008 5:37:52 PM 49152 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DF6E36.tmp
7/5/2008 12:32:28 PM 65536 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DF715A.tmp
7/5/2008 12:32:28 PM 512 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DF7167.tmp
7/8/2008 5:46:06 PM 16384 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DF7A8A.tmp
7/5/2008 12:32:30 PM 65536 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DF7D7E.tmp
7/5/2008 12:32:30 PM 512 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DF7D93.tmp
7/5/2008 11:40:06 AM 512 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DF8461.tmp
7/5/2008 11:39:40 AM 512 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DFB958.tmp
7/5/2008 11:40:08 PM 49152 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DFC259.tmp
7/9/2008 4:10:46 PM 16384 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DFF2BA.tmp
7/9/2008 4:10:46 PM 512 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DFF2CA.tmp
7/4/2008 4:43:50 AM 16384 32 C:\Documents and Settings\Timmy Khan\Local Settings\Temp\~DFF905.tmp
=== Files and Folders under "All Users\Application Data" Last 30 Days======
6/28/2008 2:02:34 AM 0 C:\Documents and Settings\All Users\Application Data\Avg7
=== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======
=== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
ShoppingReport
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}
ShoppingReport
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
ShoppingReport
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
ShoppingReport
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
ShoppingReport
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
ShoppingReport
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{E3578B37-6346-4EC1-A82B-38273A100DCF}
TrendProtect
=== Services ( Services that are Whitelisted are not shown ======
Deathflash
28 Posts
0
July 9th, 2008 19:00
DSBrokerService (DSBrokerService) "C:\Program Files\DellSupport\brkrsvc.exe" - Disabled
Media Center Receiver Service (ehRecvr) C:\WINDOWS\eHome\ehRecvr.exe - Auto
Media Center Scheduler Service (ehSched) C:\WINDOWS\eHome\ehSched.exe - Auto
hpqcxs08 (hpqcxs08) C:\WINDOWS\system32\svchost.exe -k hpdevmgmt - Manual
HP CUE DeviceDiscovery Service (hpqddsvc) C:\WINDOWS\system32\svchost.exe -k hpdevmgmt - Auto
MHN (MHN) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
Net Driver HPZ12 (Net Driver HPZ12) C:\WINDOWS\System32\svchost.exe -k HPZ12 - Auto
Intel NCS NetService (NetSvc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe - Manual
Peer Networking Group Authentication (p2pgasvc) C:\WINDOWS\system32\svchost.exe -k p2psvc - Manual
Peer Networking Identity Manager (p2pimsvc) C:\WINDOWS\system32\svchost.exe -k p2psvc - Manual
Peer Networking (p2psvc) C:\WINDOWS\system32\svchost.exe -k p2psvc - Manual
Peer Name Resolution Protocol (PNRPSvc) C:\WINDOWS\system32\svchost.exe -k p2psvc - Manual
ScsiAccess (ScsiAccess) C:\WINDOWS\system32\ScsiAccess.EXE - Auto
Simple TCP/IP Services (SimpTcp) C:\WINDOWS\system32\tcpsvcs.exe - Auto
Symantec Network Drivers Service (SNDSrvc) "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" - Manual
STOPzilla Service (szserver) C:\Program Files\Common Files\STOPzilla!\SZServer.exe - Auto
=== Running Processes ======
System Idle Process [0]
System [4]
smss.exe [736] \SystemRoot\System32\smss.exe
csrss.exe [788] C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe [812] winlogon.exe
services.exe [856] C:\WINDOWS\system32\services.exe
lsass.exe [868] C:\WINDOWS\system32\lsass.exe
svchost.exe [1076] C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe [1144] C:\WINDOWS\system32\svchost -k rpcss
svchost.exe [1244] C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe [1356] C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe [1496] C:\WINDOWS\system32\svchost.exe -k LocalService
spoolsv.exe [1648] C:\WINDOWS\system32\spoolsv.exe
explorer.exe [508] C:\WINDOWS\Explorer.EXE
ehtray.exe [620] "C:\WINDOWS\ehome\ehtray.exe"
hkcmd.exe [636] "C:\WINDOWS\system32\hkcmd.exe"
igfxpers.exe [644] "C:\WINDOWS\system32\igfxpers.exe"
stsystra.exe [676] "C:\WINDOWS\stsystra.exe"
issch.exe [784] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
apdproxy.exe [832] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
tfswctrl.exe [144] "C:\WINDOWS\system32\dla\tfswctrl.exe"
qttask.exe [1020] "C:\Program Files\QuickTime\qttask.exe" -atboottime
VerizonServicepoint.exe [1320] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
hpwuSchd2.exe [1368] "C:\HP\HP Software Update\HPWuSchd2.exe"
ehRecvr.exe [1468] C:\WINDOWS\eHome\ehRecvr.exe
ehSched.exe [1524] C:\WINDOWS\eHome\ehSched.exe
jusched.exe [1692] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
svchost.exe [1708] C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
ctfmon.exe [1760] "C:\WINDOWS\system32\ctfmon.exe"
KodakCCS.exe [1788] C:\WINDOWS\system32\drivers\KodakCCS.exe
btdna.exe [1816] "C:\Program Files\DNA\btdna.exe"
LEXBCES.EXE [1844] C:\WINDOWS\system32\LEXBCES.EXE
hpqtra08.exe [1992] "C:\HP\Digital Imaging\bin\hpqtra08.exe"
iexplore.exe [452] "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
svchost.exe [1264] C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe [1436] C:\WINDOWS\System32\svchost.exe -k HPZ12
ScsiAccess.EXE [1608] C:\WINDOWS\system32\ScsiAccess.EXE
tcpsvcs.exe [756] C:\WINDOWS\system32\tcpsvcs.exe
svchost.exe [1732] C:\WINDOWS\system32\svchost.exe -k imgsvc
dllhost.exe [2300] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
alg.exe [3076] C:\WINDOWS\System32\alg.exe
ehmsas.exe [3488] C:\WINDOWS\eHome\ehmsas.exe -Embedding
hpqste08.exe [3884] "C:\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F4100 series#1212949220" -Startup
byond.exe [684] "C:\Program Files\BYOND\bin\byond.exe"
usnsvc.exe [3868] "C:\Program Files\MSN Messenger\usnsvc.exe"
igfxsrvc.exe [2560] C:\WINDOWS\system32\igfxsrvc.exe -Embedding
Athan.exe [2104] "C:\Program Files\Athan\Athan.exe"
realsched.exe [2868] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -restart
msnmsgr.exe [2288] "C:\Program Files\MSN Messenger\msnmsgr.exe"
iexplore.exe [11164] "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
wscript.exe [6004] "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Timmy Khan\Desktop\FileLister.vbe"
wmiprvse.exe [3052] C:\WINDOWS\system32\wbem\wmiprvse.exe
wmiprvse.exe [8880] C:\WINDOWS\system32\wbem\wmiprvse.exe
=== Uninstall List From Registry ======
USB MassStorage CardReader
3D Groove Playback Engine
Adobe Flash Player ActiveX
Adobe Shockwave Player
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Athan Basic 3.3
Build Your Own Net Dream (remove only)
CleanUp!
HijackThis 2.0.2
HP Imaging Device Functions 8.0
HP Solution Center 8.0
HP Customer Participation Program 8.0
HTML TOOLS Toolbar (remove only)
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Intel(R) 537EP V9x DF PCI Modem
High Definition Audio Driver Package - KB835221
Windows XP Hotfix - KB873339
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows Genuine Advantage Validation Tool (KB892130)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Windows XP Media Center Edition 2005 KB895198
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Step By Step Interactive Training (KB898458)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Security Update for Windows XP (KB916281)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
LimeWire 4.18.3
Loader
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Messenger Plus! Live
Microsoft .NET Framework 2.0
MyMouse 4.3
Microsoft National Language Support Downlevel APIs
Intel(R) PRO Network Connections Drivers
PVRLoader
QuickTime
Verizon Servicepoint 1.3.21
RealPlayer
Get ShopperReports
ShopperReports
Silkroad
SpaceMonger 2.1.1
Switch Uninstall
VideoLAN VLC media player 0.8.6h
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Notifier
aspi
Macromedia Flash Player
LeadTool
AIO_Scan
Windows Installer Clean Up
ESSPCD
HLPPDOCK
Scan
WebReg
ijji Auto Installer
Google Toolbar for Internet Explorer
HP Deskjet All-In-One Software 8.0
Java(TM) 6 Update 6
Windows Media Player 10
WebFldrs XP
Internet Explorer Default Page
CR2
ESSCAM
Norton Security Scan
ESSvpot
Windows Movie Maker 2.0
Windows Live Messenger
Dell Driver Reset Tool
AOLIcon
ESSBrwr
DJ_AIO_ProductContext
PCDADDIN
eSupportQFolder
HPProductAssistant
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
PCDLNCH
Microsoft Plus! Digital Media Edition Installer
CustomerResearchQFolder
Microsoft .NET Framework 2.0
MSXML 4.0 SP2 Parser and SDK
HLPIndex
Workspace Macro Pro 6.5
F4100
Modem Helper
Intel(R) PROSet for Wired Connections
ESShelp
Intel(R) Graphics Media Accelerator Driver
ESSCT
ESSini
Microsoft Office XP Professional with FrontPage
ESSgui
MarketResearch
Status
Destinations
CCHelp
ESScore
DJ_AIO_Software
Radioshack USB-to-Serial cable
SFR2
SolutionCenter
Copy
ESSvpaht
ESSANUP
DeviceManagementQFolder
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
F4100_Help
ESSCDBK
CCScore
DivX Web Player
Apple Software Update
BufferChm
SFR
PCDrdsho
Toolbox
PCDHELP
ESSTUTOR
ESSAdpt
Trend Micro TrendProtect for Internet Explorer
ccCommon
Google Toolbar for Internet Explorer
DJ_AIO_Software_min
UnloadSupport
HP Photosmart Essential
32 Bit HP CIO Components Installer
HLPCCTR
OTtBP
ESSPDock
TrayApp
Deathflash
28 Posts
0
July 9th, 2008 19:00
+++++++++++++++++++++++++++++++++
+
+ File Lister
+
+ Version 1.0.3
+
+ By bamajim@bamajim.com
+
+++++++++++++++++++++++++++++++++
Report ran on --->>> 7/9/2008 4:12:29 PM
=== Values under HKLM\~\Run ======
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ML1HelperStartUp"="C:\\PROGRA~1\\MIDNIG~1\\ML1HEL~1.EXE /partner ML1"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"VerizonServicepoint.exe"="C:\\Program Files\\Verizon\\Servicepoint\\VerizonServicepoint.exe"
"NWEReboot"=""
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"Salestart"="\"C:\\Program Files\\Common Files\\LongLifePC\\bm.exe\" dm=http://longlifepc.com; ad=http://longlifepc.com"
"rtasks"="C:\\Program Files\\LongLifePC\\rtasks.exe"
"HP Software Update"="C:\\HP\\HP Software Update\\HPWuSchd2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_06\\bin\\jusched.exe\""
"iseeyou"="C:\\Program Files\\BPK\\iseeyou.exe"
"Athan"="C:\\Program Files\\Athan\\Athan.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""
=== Values under HKCU\~\Run ======
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"BitTorrent DNA"="\"C:\\Program Files\\DNA\\btdna.exe\""
=== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======
7/9/2008 4:12:29 PM 0 32 C:\Files.txt
7/5/2008 4:06:23 PM 0 C:\WINDOWS\.jagex_cache_32
7/8/2008 7:42:56 PM 5019 C:\WINDOWS\LastGood
7/8/2008 7:42:56 PM 5019 C:\WINDOWS\LastGood\Downloaded Program Files
7/5/2008 9:32:29 AM 169582 C:\WINDOWS\system32\system32
6/10/2008 4:37:31 PM 372736 32 C:\WINDOWS\system32\IJL_11.DLL
6/20/2008 12:55:56 AM 135168 32 C:\WINDOWS\system32\java.exe
6/20/2008 12:55:56 AM 135168 32 C:\WINDOWS\system32\javaw.exe
6/20/2008 12:55:56 AM 139264 32 C:\WINDOWS\system32\javaws.exe
6/20/2008 12:55:32 AM 6341 32 C:\WINDOWS\system32\jupdate-1.6.0_06-b02.log
6/10/2008 4:37:32 PM 124688 32 C:\WINDOWS\system32\MSWINSCK.OCX
=== Files under "\Administrator\Startup" Last 30 Days======
=== Files under "\All Users\Startup" Last 30 Days======
=== Folders under "\Program Files" Last 30 Days======
6/10/2008 5:11:16 PM 263237590 C:\Program Files\BPK
6/10/2008 5:17:29 PM 260652098 C:\Program Files\BPK\dt
7/1/2008 2:05:12 PM 376546 C:\Program Files\DNA
7/1/2008 2:05:12 PM 54592 C:\Program Files\DNA\plugins
7/2/2008 7:06:42 PM 20992 C:\Program Files\MagicISO
7/9/2008 11:38:49 AM 2375308781 C:\Program Files\Silkroad
7/9/2008 12:12:45 PM 13380 C:\Program Files\Silkroad\RD
7/9/2008 11:42:39 AM 783 C:\Program Files\Silkroad\Setting
7/9/2008 11:44:11 AM 0 C:\Program Files\Silkroad\temppath
7/9/2008 12:33:30 PM 409512 C:\Program Files\Trend Micro
7/9/2008 12:33:30 PM 409512 C:\Program Files\Trend Micro\HijackThis
7/1/2008 7:29:48 PM 33187174 C:\Program Files\VideoLAN
7/1/2008 7:29:48 PM 33187174 C:\Program Files\VideoLAN\VLC
7/1/2008 7:29:59 PM 299486 C:\Program Files\VideoLAN\VLC\http
7/1/2008 7:29:59 PM 53761 C:\Program Files\VideoLAN\VLC\http\dialogs
7/1/2008 7:29:59 PM 7549 C:\Program Files\VideoLAN\VLC\http\images
7/1/2008 7:29:59 PM 79748 C:\Program Files\VideoLAN\VLC\http\js
7/1/2008 7:29:59 PM 38532 C:\Program Files\VideoLAN\VLC\http\old
7/1/2008 7:29:59 PM 7714 C:\Program Files\VideoLAN\VLC\http\old\admin
7/1/2008 7:29:59 PM 15410 C:\Program Files\VideoLAN\VLC\http\old\vlm
7/1/2008 7:29:59 PM 20216 C:\Program Files\VideoLAN\VLC\http\requests
7/1/2008 7:29:55 PM 7247614 C:\Program Files\VideoLAN\VLC\locale
7/1/2008 7:29:55 PM 755 C:\Program Files\VideoLAN\VLC\locale\af
7/1/2008 7:29:55 PM 755 C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES
7/1/2008 7:29:55 PM 281953 C:\Program Files\VideoLAN\VLC\locale\ar
7/1/2008 7:29:55 PM 281953 C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES
7/1/2008 7:29:55 PM 219602 C:\Program Files\VideoLAN\VLC\locale\ca
7/1/2008 7:29:55 PM 219602 C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES
7/1/2008 7:29:55 PM 667 C:\Program Files\VideoLAN\VLC\locale\co
7/1/2008 7:29:55 PM 667 C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES
7/1/2008 7:29:56 PM 71792 C:\Program Files\VideoLAN\VLC\locale\cs
7/1/2008 7:29:56 PM 71792 C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES
7/1/2008 7:29:56 PM 89678 C:\Program Files\VideoLAN\VLC\locale\da
7/1/2008 7:29:56 PM 89678 C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES
7/1/2008 7:29:56 PM 354263 C:\Program Files\VideoLAN\VLC\locale\de
7/1/2008 7:29:56 PM 354263 C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES
7/1/2008 7:29:56 PM 35886 C:\Program Files\VideoLAN\VLC\locale\en_GB
7/1/2008 7:29:56 PM 35886 C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES
7/1/2008 7:29:56 PM 346236 C:\Program Files\VideoLAN\VLC\locale\es
7/1/2008 7:29:56 PM 346236 C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES
7/1/2008 7:29:56 PM 36167 C:\Program Files\VideoLAN\VLC\locale\eu
7/1/2008 7:29:56 PM 36167 C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES
7/1/2008 7:29:56 PM 175164 C:\Program Files\VideoLAN\VLC\locale\fa
7/1/2008 7:29:57 PM 175164 C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES
7/1/2008 7:29:57 PM 347961 C:\Program Files\VideoLAN\VLC\locale\fr
7/1/2008 7:29:57 PM 347961 C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES
7/1/2008 7:29:57 PM 65813 C:\Program Files\VideoLAN\VLC\locale\fur
7/1/2008 7:29:57 PM 65813 C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES
7/1/2008 7:29:57 PM 333534 C:\Program Files\VideoLAN\VLC\locale\gl
7/1/2008 7:29:57 PM 333534 C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES
7/1/2008 7:29:57 PM 76327 C:\Program Files\VideoLAN\VLC\locale\he
7/1/2008 7:29:57 PM 76327 C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES
7/1/2008 7:29:57 PM 5638 C:\Program Files\VideoLAN\VLC\locale\hi
7/1/2008 7:29:57 PM 5638 C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES
7/1/2008 7:29:57 PM 278234 C:\Program Files\VideoLAN\VLC\locale\hu
7/1/2008 7:29:57 PM 278234 C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES
7/1/2008 7:29:57 PM 268696 C:\Program Files\VideoLAN\VLC\locale\it
7/1/2008 7:29:57 PM 268696 C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES
7/1/2008 7:29:57 PM 82114 C:\Program Files\VideoLAN\VLC\locale\ja
7/1/2008 7:29:57 PM 82114 C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES
7/1/2008 7:29:57 PM 81519 C:\Program Files\VideoLAN\VLC\locale\ka
7/1/2008 7:29:57 PM 81519 C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES
7/1/2008 7:29:57 PM 48624 C:\Program Files\VideoLAN\VLC\locale\ko
7/1/2008 7:29:57 PM 48624 C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES
7/1/2008 7:29:57 PM 1572 C:\Program Files\VideoLAN\VLC\locale\lt
7/1/2008 7:29:57 PM 1572 C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES
7/1/2008 7:29:57 PM 11158 C:\Program Files\VideoLAN\VLC\locale\lv
7/1/2008 7:29:57 PM 11158 C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES
7/1/2008 7:29:57 PM 354708 C:\Program Files\VideoLAN\VLC\locale\ms
7/1/2008 7:29:57 PM 354708 C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES
7/1/2008 7:29:57 PM 7699 C:\Program Files\VideoLAN\VLC\locale\nb
7/1/2008 7:29:57 PM 7699 C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES
7/1/2008 7:29:57 PM 573092 C:\Program Files\VideoLAN\VLC\locale\ne
7/1/2008 7:29:57 PM 573092 C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES
7/1/2008 7:29:57 PM 118748 C:\Program Files\VideoLAN\VLC\locale\nl
7/1/2008 7:29:57 PM 118748 C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES
7/1/2008 7:29:57 PM 8746 C:\Program Files\VideoLAN\VLC\locale\nn
7/1/2008 7:29:57 PM 8746 C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES
7/1/2008 7:29:57 PM 32076 C:\Program Files\VideoLAN\VLC\locale\oc
7/1/2008 7:29:57 PM 32076 C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES
7/1/2008 7:29:57 PM 2531 C:\Program Files\VideoLAN\VLC\locale\pa
7/1/2008 7:29:57 PM 2531 C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES
7/1/2008 7:29:57 PM 225237 C:\Program Files\VideoLAN\VLC\locale\pl
7/1/2008 7:29:57 PM 225237 C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES
7/1/2008 7:29:57 PM 78724 C:\Program Files\VideoLAN\VLC\locale\pt_BR
7/1/2008 7:29:57 PM 78724 C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES
7/1/2008 7:29:57 PM 305870 C:\Program Files\VideoLAN\VLC\locale\ro
7/1/2008 7:29:57 PM 305870 C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES
7/1/2008 7:29:57 PM 430746 C:\Program Files\VideoLAN\VLC\locale\ru
7/1/2008 7:29:57 PM 430746 C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES
7/1/2008 7:29:57 PM 396520 C:\Program Files\VideoLAN\VLC\locale\sk
7/1/2008 7:29:58 PM 396520 C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES
7/1/2008 7:29:58 PM 345969 C:\Program Files\VideoLAN\VLC\locale\sl
7/1/2008 7:29:58 PM 345969 C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES
7/1/2008 7:29:58 PM 1329 C:\Program Files\VideoLAN\VLC\locale\sq
7/1/2008 7:29:58 PM 1329 C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES
7/1/2008 7:29:58 PM 468224 C:\Program Files\VideoLAN\VLC\locale\sr
7/1/2008 7:29:58 PM 468224 C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES
7/1/2008 7:29:58 PM 213278 C:\Program Files\VideoLAN\VLC\locale\sv
7/1/2008 7:29:58 PM 213278 C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES
7/1/2008 7:29:58 PM 116561 C:\Program Files\VideoLAN\VLC\locale\th
7/1/2008 7:29:58 PM 116561 C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES
7/1/2008 7:29:58 PM 60619 C:\Program Files\VideoLAN\VLC\locale\tr
7/1/2008 7:29:58 PM 60619 C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES
7/1/2008 7:29:58 PM 196694 C:\Program Files\VideoLAN\VLC\locale\zh_CN
7/1/2008 7:29:58 PM 196694 C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES
7/1/2008 7:29:58 PM 96890 C:\Program Files\VideoLAN\VLC\locale\zh_TW
7/1/2008 7:29:59 PM 96890 C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES
7/1/2008 7:29:59 PM 545053 C:\Program Files\VideoLAN\VLC\osdmenu
7/1/2008 7:29:59 PM 233475 C:\Program Files\VideoLAN\VLC\osdmenu\default
7/1/2008 7:29:59 PM 98458 C:\Program Files\VideoLAN\VLC\osdmenu\default\selected
7/1/2008 7:29:59 PM 99031 C:\Program Files\VideoLAN\VLC\osdmenu\default\selection
7/1/2008 7:29:59 PM 23886 C:\Program Files\VideoLAN\VLC\osdmenu\default\volume
7/1/2008 7:29:59 PM 308379 C:\Program Files\VideoLAN\VLC\osdmenu\dvd
7/1/2008 7:29:59 PM 149923 C:\Program Files\VideoLAN\VLC\osdmenu\dvd\selected
7/1/2008 7:29:59 PM 135036 C:\Program Files\VideoLAN\VLC\osdmenu\dvd\selection
7/1/2008 7:29:59 PM 11808 C:\Program Files\VideoLAN\VLC\osdmenu\dvd\unselect
7/1/2008 7:29:59 PM 11612 C:\Program Files\VideoLAN\VLC\osdmenu\dvd\volume
7/1/2008 7:29:48 PM 20816896 C:\Program Files\VideoLAN\VLC\plugins
7/1/2008 7:29:59 PM 487055 C:\Program Files\VideoLAN\VLC\skins
7/1/2008 7:29:59 PM 320855 C:\Program Files\VideoLAN\VLC\skins\fonts
=== Files under "\System32\Drivers" Last 30 Days======
Deathflash
28 Posts
0
July 9th, 2008 22:00
I have some bad news. There was a keylogger on my computer, and I even talked to him on Notepad. He did something and now when he took full control of my computer, I couldn't log in.
Error:
Windows could not start because the following file is missing or corrupt
/system32/hal.dll
Please reinstall a copy of the above file.
What do I do now? I have disconnected my internet connection to keep him out, but now I cannot get in.
bamajim
10.4K Posts
0
July 10th, 2008 11:00
Deathflash
and I even talked to him on notepad.
How did that go? That's a new one on me.
Do you have a copy of the XP OS (Operating System) disk that came with your PC?
"The world is what you make of it"
Deathflash
28 Posts
0
July 10th, 2008 14:00
Well,
When I got on, he had opened Notepad and was actually typing. I probably downloaded something pretty stupid, and it was one of those things where you can control a computer, with yours being the server. Isn't it called like VLC or something?
I don't have the OS disk, never got it with my computer. Is there any way I can buy it? Or is there any other way?
He was probably watching when I signed into PayPal...and my email, which he hacked. For some reason, he gave me back my passwords for the email. I've changed EVERY password I've had, so at least I'm in the clear...but what the heck did he do that corrupted my OS?
bamajim
10.4K Posts
0
July 10th, 2008 15:00
You did download a remote access program. And we can clean the PC, but first we need to get you back on.
See if you can boot into Safe Mode. If you can, then reply. If not, without the OS disk, follow the instructions at this LINK
"The world is what you make of it"
Deathflash
28 Posts
0
July 10th, 2008 19:00
Bamajim,
I cannot go into Safe Mode, because the error won't let me in.
And on that link, it won't tell me how to fix it without the OS disk...guess I need to find a way to get it?
Any advice on how I can get the disk for free?
bamajim
10.4K Posts
0
July 10th, 2008 19:00
DeathFlash
Borrow a copy of XP from someone you know, then follow the instructions at the link provided to extract the file from the disk.
"The world is what you make of it"
Deathflash
28 Posts
0
August 8th, 2008 15:00
Well, I got my computer up and running again. What do you need now?
bamajim
10.4K Posts
0
August 10th, 2008 23:00
DeathFlash
Are you able to get into Safe Mode now?
And did you uninstall that remote program?
"The world is what you make of it"
Deathflash
28 Posts
0
August 11th, 2008 19:00
Yes, I am able to go into Safe Mode, but I get an error 769 when I try to log into my internet.
Now, I re-OSed my whole system, deleted everything and installed a new Media Edition OS SP3 on it. So I guess that the remote software is gone. But I looked in my system, and there was nothing pertaining to an Ethernet port, except one that's there with a question mark next to it.
By the way, this doesn't help at all since there's an Ethernet, with a question mark next to it:
http://support.microsoft.com/kb/316395