Help
My PC Hell Forum
Author Topic: Help  (Read 5340 times)
Kabith
Rising Star
***
Posts: 109



View Profile
« Reply #45 on: March 19, 2008, 06:39:58 AM »

I am terribly sorry for not replying on time because my phone line broke down. Another problem is, HJT is not saving the log file. If it is, please tell me where to find it. When I click on save log, the log does not even appear.
Logged

Essexboy
Administrator
*****
Posts: 899



View Profile WWW
« Reply #46 on: March 19, 2008, 05:11:21 PM »

The log will be in the same location as the Hijackthis programme - Probably C:\Documents and Settings\Kabith\Desktop\HiJackThis
i.e. on your desktop
Logged

VISTA
XPsp2
Avast (of course)



http://spaces.msn.com/members/essexboymkn/

 If ignorance is bliss  why aren't more people happy?
Kabith
« Reply #47 on: March 20, 2008, 07:54:30 AM »

Logfile of TrendMicro HijackThis
C:\Documents and Settings\All Users\Application Data\TEMP : 0F8F5844  (112 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34  (115 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Documents and Settings\All Users\Application Data\TEMP : 0F8F5844  (112 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34  (115 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\WINDOWS\Prefetch\SYSTEM32 : DLIHOST.EXE-03EBDF43.pf  (13222 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
Logged

Kabith
« Reply #48 on: March 20, 2008, 09:18:36 AM »

Quote
C:\WINDOWS\Prefetch\SYSTEM32 : DLIHOST.EXE-03EBDF43.pf  (13222 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
Is this the problem? Can I delete it?
Logged

Essexboy
« Reply #49 on: March 20, 2008, 04:18:49 PM »

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
@C:\Documents and Settings\All Users\Application Data\TEMP : 0F8F5844 
@C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34
@C:\Documents and Settings\All Users\Application Data\TEMP : 0F8F5844 
@C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34 
@C:\WINDOWS\Prefetch\SYSTEM32 : DLIHOST.EXE-03EBDF43.pf 
@C:\WINDOWS\system32:dlihost.exe
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Logged

Kabith
« Reply #50 on: March 20, 2008, 11:35:23 PM »

[Custom Input]
< @C:\Documents and Settings\All Users\Application Data\TEMP : 0F8F5844   >
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP : 0F8F5844 .
< @C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34  >
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34 .
< @C:\Documents and Settings\All Users\Application Data\TEMP : 0F8F5844   >
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP : 0F8F5844 .
< @C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34   >
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34 .
< @C:\WINDOWS\Prefetch\SYSTEM32 : DLIHOST.EXE-03EBDF43.pf   >
Unable to delete ADS C:\WINDOWS\Prefetch\SYSTEM32 : DLIHOST.EXE-03EBDF43.pf .
< @C:\WINDOWS\system32:dlihost.exe >
Unable to delete ADS C:\WINDOWS\system32:dlihost.exe .
 
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03212008_090428
Logged

Essexboy
« Reply #51 on: March 22, 2008, 08:34:35 AM »

Hi Kabith, sorry for the delay, I had a busy day yesterday.

OK, that did not kill it, let's try HJT again.

  • Open HiJackThis
  • Click on Just start the programme 
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Open ADS Spy.."
  • Click on "Scan"
  • Select the following:
C:\Documents and Settings\All Users\Application Data\TEMP : 0F8F5844  (112 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34  (115 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Documents and Settings\All Users\Application Data\TEMP : 0F8F5844  (112 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34  (115 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\WINDOWS\Prefetch\SYSTEM32 : DLIHOST.EXE-03EBDF43.pf  (13222 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)

  • Click on "Remove selected"

How is your computer running now?
Logged

Kabith
« Reply #52 on: March 22, 2008, 10:59:40 AM »

Comp is fast, but is there any way I can boost the RAM usage? My games are terribly slow in high resolution, especially NFS Pro Street.
Logged

Essexboy
« Reply #53 on: March 22, 2008, 01:29:54 PM »

Total Physical Memory: 504 MiB (512 MiB recommended). You need more RAM; you are running at the bare limit now. 1Gb would be better.

Try this site and it will tell you what RAM your system can take

http://www.crucial.com/systemscanner/
Logged

Kabith
« Reply #54 on: March 23, 2008, 06:04:31 AM »

I just upgraded to 1GB RAM. Another thing, I have done what you said. What should I do next?
Logged

Kabith
« Reply #55 on: March 23, 2008, 06:07:23 AM »

My comp has slowed down a little.
Logged

Essexboy
« Reply #56 on: March 23, 2008, 08:52:21 AM »

Let's have a look at your startups and drivers - see if I can remove a few from there. This will be resolved one way or the other.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Logged

Kabith
« Reply #57 on: March 24, 2008, 06:16:33 AM »

Deckard's System Scanner v20071014.68
Run by Kabith on 2008-03-24 15:45:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kabith.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:35, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Altiris\eXpress\Client Recovery Agent\AeXRSAgt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\MAKTray.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\MAKHKEY.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nakido\nakido.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Kabith\Desktop\msgr8us.exe
C:\DOCUME~1\Kabith\LOCALS~1\Temp\nsn2E4.tmp\msgr8us.2008.03.14.02.exe
C:\DOCUME~1\Kabith\LOCALS~1\Temp\GLB307.tmp
C:\Documents and Settings\Kabith\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kabith.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MAKTray] MAKTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Altiris Recovery Solution Agent - Altiris, Inc. - C:\Program Files\Altiris\eXpress\Client Recovery Agent\AeXRSAgt.exe
O23 - Service: Altiris Recovery Solution FAL Stopper - Altiris, Inc. - C:\Program Files\Altiris\eXpress\Client Recovery Agent\AeXFALS.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


Logged

Kabith
« Reply #58 on: March 24, 2008, 06:16:55 AM »

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10110 bytes

-- Files created between 2008-02-24 and 2008-03-24 -----------------------------

2008-03-24 15:40:01         0 dr-h----- C:\Documents and Settings\Kabith\Recent
2008-03-23 18:54:46         0 d-------- C:\613040c204bcd11cf7b0
2008-03-23 18:28:01         0 d-------- C:\Program Files\EsetOnlineScanner
2008-03-20 17:19:01         0 d-------- C:\Program Files\Trend Micro
2008-03-20 17:06:34         0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-20 16:04:55         0 d-------- C:\Program Files\Bonjour
2008-03-20 15:47:25         0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-16 18:53:20         0 d-------- C:\New Folder
2008-03-15 15:03:46         0 d-------- C:\WINDOWS\ERUNT
2008-03-15 14:50:52         0 d-------- C:\Documents and Settings\Kabith\%systemdrive%
2008-03-15 14:08:33         0 d-------- C:\Program Files\EasyCapture
2008-03-13 18:04:02         0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-13 18:03:55      4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-13 18:03:48     11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-03-13 18:03:28         0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-13 18:02:47         0 d-------- C:\WINDOWS\Internet Logs
2008-03-04 17:31:30         0 d-------- C:\Program Files\EULAlyzer
2008-03-03 16:21:38         0 d-------- C:\Program Files\EA GAMES
2008-03-03 12:22:19         0 d-------- C:\Program Files\Windows Installer Clean Up
2008-03-03 10:12:06         0 d-------- C:\Program Files\Croteam
2008-03-02 20:39:53     68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-02 20:39:53     98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-02 20:39:53     80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-02 20:39:53     73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-02 20:03:01         0 d-------- C:\NoLopBackups
2008-03-02 17:10:59         0 d-------- C:\Program Files\MSECACHE
2008-03-02 16:43:58         0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-02 16:14:02         0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-01 11:25:58         0 d-------- C:\Documents and Settings\All Users\Application Data\active move body safe
2008-03-01 11:25:21         0 d-------- C:\Program Files\Help Army Debug
2008-03-01 11:25:20         0 d-------- C:\Documents and Settings\Kabith\Application Data\Help Army Debug
2008-02-29 19:29:40         0 d-------- C:\Program Files\GameSpy Arcade
2008-02-29 19:07:37    223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-02-29 19:07:36         0 d-------- C:\Program Files\DAEMON Tools
2008-02-29 19:04:16    664064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-29 19:04:15     96256 --a------ C:\WINDOWS\system32\drivers\sptd5901.sys
2008-02-29 13:03:43        10 --a------ C:\WINDOWS\popcinfo.dat
2008-02-29 12:15:49         0 d-------- C:\Program Files\Zuma Deluxe
2008-02-27 13:11:30         0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-26 19:03:47         0 d-------- C:\Program Files\Yahoo!
2008-02-26 16:59:04         0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-26 16:58:58         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-26 16:58:58         0 d-------- C:\Documents and Settings\Kabith\Application Data\SUPERAntiSpyware.com
2008-02-26 16:29:29         0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-26 16:11:24         0 d-------- C:\Documents and Settings\All Users\Application Data\Arovax
2008-02-25 13:04:33         0 d-------- C:\Program Files\Common Files\EasyInfo


-- Find3M Report ---------------------------------------------------------------

2008-03-24 15:41:44         0 d-------- C:\Program Files\IDA
2008-03-24 15:38:26         0 d-------- C:\Program Files\Nakido
2008-03-24 10:40:40    274432 --a------ C:\WINDOWS\hudeft
2008-03-24 10:40:40   4747264 --a------ C:\WINDOWS\hklmsys
2008-03-24 10:40:40     53248 --a------ C:\WINDOWS\hklmseq
2008-03-24 10:40:40     24576 --a------ C:\WINDOWS\hklmsam
2008-03-24 10:40:39  27648000 --a------ C:\WINDOWS\hklmsoft
2008-03-23 18:39:00         0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-23 15:51:07         0 d-------- C:\Program Files\SpywareBlaster
2008-03-21 19:15:42         0 d-------- C:\Documents and Settings\Kabith\Application Data\Adobe
2008-03-20 18:38:45         0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-20 16:04:52         0 d-------- C:\Program Files\Common Files\Adobe
2008-03-20 15:47:25         0 d-------- C:\Program Files\Common Files
2008-03-14 16:01:16         0 d-------- C:\Program Files\Common Files\HP
2008-03-13 20:30:37         0 d-------- C:\Documents and Settings\Kabith\Application Data\LimeWire
2008-03-03 10:11:46         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-26 18:06:51         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 16:07:24         0 d-------- C:\Documents and Settings\Kabith\Application Data\WinPatrol
2008-02-21 16:06:11         0 d-------- C:\Program Files\BillP Studios
2008-02-20 17:14:21         0 d-------- C:\Documents and Settings\Kabith\Application Data\Image Zone Express
2008-02-20 16:45:54    102364 --a------ C:\WINDOWS\hpqins13.dat
2008-02-20 14:22:22         0 d-------- C:\Documents and Settings\Kabith\Application Data\Macromedia
2008-02-20 14:22:19      1138 --a------ C:\WINDOWS\mozver.dat
2008-02-19 19:00:16         0 d-------- C:\Documents and Settings\Kabith\Application Data\ESET
2008-02-19 18:33:34         0 d-------- C:\Program Files\TubeSucker
2008-02-19 15:54:31         0 d-------- C:\Program Files\Schanz Interactive
2008-02-13 21:36:47         0 d-------- C:\Program Files\FLV Player
2008-02-11 16:51:52         0 d-------- C:\Program Files\Windows Live Safety Center
2008-02-11 16:11:28         0 d-------- C:\Documents and Settings\Kabith\Application Data\MxBoost
2008-02-11 15:57:25         0 d-------- C:\Program Files\SiteAdvisor
2008-02-11 15:55:34         0 d-------- C:\Program Files\Maxthon2
2008-02-11 09:39:26    253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18    237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-08 16:54:27         0 d-------- C:\Program Files\InterActual
2008-02-08 16:48:05         0 d-------- C:\Program Files\AirStrike II
2008-02-08 16:39:25         0 d-------- C:\Program Files\Nokia
2008-02-08 16:34:45         0 d-------- C:\Program Files\Common Files\Nokia
2008-02-08 13:53:46    110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-07 15:58:30         0 d-------- C:\Program Files\LimeWire
2008-02-06 16:34:21     50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-02-05 21:11:42         0 d-------- C:\Program Files\Picasa2
2008-02-05 21:01:51         0 d-------- C:\Program Files\Google
2008-02-05 21:00:19    673792 --a------ C:\WINDOWS\is-MTM2I.exe <Not Verified; ; Inno Setup>
2008-02-05 08:48:04     77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2007-12-24 02:22:32         0 -rahs---- C:\MSDOS.SYS
2007-12-24 02:22:32         0 -rahs---- C:\IO.SYS


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [29/06/2004 15:36 C:\WINDOWS\AGRSMMSG.exe]
"MAKTray"="MAKTray.exe" [28/08/2004 06:37 C:\WINDOWS\MAKTray.exe]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [21/11/2003 00:31]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [30/03/2007 21:12]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 09:32]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [21/12/2007 08:21]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 17:30]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 17:30]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 17:30]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 17:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:26]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [13/01/2008 13:29:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Internet Download Accelerator"=C:\Program Files\IDA\ida.exe -autorun
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"ManagerMore"=C:\DOCUME~1\Kabith\APPLIC~1\HELPAR~1\datemathaxis.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"AEXRSAgtEXE"=C:\Program Files\Altiris\eXpress\Client Recovery Agent\AeXRSAgt.exe -Logon
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{939cb78b-b199-11dc-920b-806d6172696f}]
AutoRun\command- D:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2563DA26-40A7-A641-3235-308CA13E866F}]
C:\WINDOWS\system32:dlihost.exe



-- End of Deckard's System Scanner: finished at 2008-03-24 15:45:58 ------------
Logged
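
Added example, not part of any post in this thread: a small Python triage over the two log formats posted above (the ADS Spy list from Reply #47 and the DSS registry dump from Reply #57/#58). It flags ADS Spy rows whose MD5 is the digest of empty input although the size is non-zero, and autorun values that point into a named stream rather than a plain file. The function names are illustrative; the sample lines are copied from the posts.

```python
import hashlib
import re

# MD5 of zero bytes, computed here rather than typed in.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# ADS Spy line shape as posted in Reply #47:
#   <host path> : <stream name>  (<size> bytes, MD5 <hex>)
ADS_SPY_RE = re.compile(
    r'^(?P<host>[A-Za-z]:\\.*?)\s+:\s+(?P<stream>.+?)\s+'
    r'\((?P<size>\d+) bytes, MD5 (?P<md5>[0-9A-Fa-f]{32})\)$'
)
# A drive-letter path with a second colon names a stream, not a plain file.
ADS_PATH_RE = re.compile(r'[A-Za-z]:\\[^:"*?<>|\r\n]*:[^\s\\/:"*?<>|]+')
# DSS appends "[date time ...]" notes to some values; drop them before matching
# so the colons inside the timestamp are not mistaken for a stream separator.
TRAILING_NOTE_RE = re.compile(r'\s\[[^\]]*\]$')

# Sample input copied from Reply #47 (duplicates included, as posted).
ADS_SPY_LINES = r"""
C:\Documents and Settings\All Users\Application Data\TEMP : 0F8F5844  (112 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34  (115 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Documents and Settings\All Users\Application Data\TEMP : 0F8F5844  (112 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34  (115 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\WINDOWS\Prefetch\SYSTEM32 : DLIHOST.EXE-03EBDF43.pf  (13222 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
"""

# Sample input copied from the DSS "Registry Dump" section (excerpt).
REGISTRY_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [21/12/2007 08:21]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [13/01/2008 13:29:23]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2563DA26-40A7-A641-3235-308CA13E866F}]
C:\WINDOWS\system32:dlihost.exe
"""


def parse_ads_spy(text):
    """Return one dict per distinct ADS Spy row; other lines are skipped."""
    rows, seen = [], set()
    for line in text.splitlines():
        m = ADS_SPY_RE.match(line.strip())
        if not m:
            continue
        ident = (m["host"].lower(), m["stream"].lower())
        if ident in seen:          # the posted list repeats two entries
            continue
        seen.add(ident)
        rows.append({"host": m["host"], "stream": m["stream"],
                     "size": int(m["size"]), "md5": m["md5"].upper()})
    return rows


def unusable_digests(rows):
    """Rows whose MD5 is the empty-input digest although size > 0.

    Such a digest cannot be a hash of the stated bytes, so it is no use
    for identifying the stream or looking it up in a hash database.
    """
    return [r for r in rows if r["size"] > 0 and r["md5"] == EMPTY_MD5]


def autoruns_in_streams(dump):
    """Return (registry key, path) pairs whose value points into a named stream."""
    hits, key = [], None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]       # remember which key the next values belong to
            continue
        m = ADS_PATH_RE.search(TRAILING_NOTE_RE.sub("", line))
        if m:
            hits.append((key, m.group(0)))
    return hits


if __name__ == "__main__":
    rows = parse_ads_spy(ADS_SPY_LINES)
    for r in unusable_digests(rows):
        print("digest not usable:", r["host"], ":", r["stream"], r["size"], "bytes")
    for key, path in autoruns_in_streams(REGISTRY_DUMP):
        print("autorun points into a stream:", path, "under", key)
```
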

Kabith
« Reply #59 on: March 24, 2008, 07:04:21 AM »

extra.txt is not coming
Logged
