Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

axxt32.dll?

Started by Chromo , Jan 16 2006 12:06 AM

  • Please log in to reply

#1
Chromo
Posted 16 January 2006 - 12:06 AM

Chromo

    Member

  • Member
  • PipPip
  • 20 posts
lately my com. been pretty messed up by spyware/virus, and ive finnaly taken better security measures, so things are getting better. although one big problem im having right now is that many programs, most impotantly inernet explorer will not run, im not sure how big a problem this is though, or if its even spyware/viruses.

its the Internet Explorer has encountered a problem and needs to close. message

the error signature is:

AppName: iexplore.exe AppVer: 6.0.2800.1106 ModName: axxt32.dll
ModVer: 0.0.0.0 Offset: 00003da2

i thought this had somthing to do with the axxt32.dll but im not sure.

heres my hijack this log......

Logfile of HijackThis v1.99.1
Scan saved at 10:04:46 PM, on 1/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\1136953129\ee\AOLSoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8.hpwis.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136953129\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflas...in/powerres.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137266969765
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: axxt32 - C:\WINDOWS\SYSTEM32\axxt32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

Advertisements

#2
Wizard
Posted 16 January 2006 - 05:13 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi Chromo and Welcome to GeekstoGo!


Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply along with a fresh HijackThis log.

  • 0

#3
Chromo
Posted 16 January 2006 - 02:21 PM

Chromo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
whoa, thats a really good spyware app.



********
10:10 AM: | Start of Session, Monday, January 16, 2006 |
10:10 AM: Spy Sweeper started
10:10 AM: Sweep initiated using definitions version 602
10:10 AM: Starting Memory Sweep
10:13 AM: Memory Sweep Complete, Elapsed Time: 00:03:22
10:13 AM: Starting Registry Sweep
10:13 AM: Found Trojan Horse: trojan-downloader-hochladen
10:13 AM: HKLM\system\currentcontrolset\services\i386p\ (11 subtraces) (ID = 1021419)
10:13 AM: Found Adware: ie driver searchx.htm hijack
10:13 AM: HKU\S-1-5-21-365055061-1766232190-1966774039-1003\software\microsoft\internet explorer\main\ || search bar (ID = 127908)
10:13 AM: Registry Sweep Complete, Elapsed Time:00:00:24
10:14 AM: Starting Cookie Sweep
10:14 AM: Found Spy Cookie: sandboxer cookie
10:14 AM: owner@0[2].txt (ID = 3282)
10:14 AM: owner@0[3].txt (ID = 3282)
10:14 AM: Found Spy Cookie: 2o7.net cookie
10:14 AM: [email protected][1].txt (ID = 1958)
10:14 AM: Found Spy Cookie: 247realmedia cookie
10:14 AM: owner@247realmedia[1].txt (ID = 1953)
10:14 AM: owner@2o7[1].txt (ID = 1957)
10:14 AM: owner@2o7[2].txt (ID = 1957)
10:14 AM: owner@2o7[4].txt (ID = 1957)
10:14 AM: Found Spy Cookie: 888 cookie
10:14 AM: owner@888[1].txt (ID = 2019)
10:14 AM: owner@888[2].txt (ID = 2019)
10:14 AM: Found Spy Cookie: websponsors cookie
10:14 AM: [email protected][1].txt (ID = 3665)
10:14 AM: Found Spy Cookie: go.com cookie
10:14 AM: [email protected][1].txt (ID = 2729)
10:14 AM: Found Spy Cookie: abcsearch cookie
10:14 AM: owner@abcsearch[1].txt (ID = 2033)
10:14 AM: Found Spy Cookie: abetterinternet cookie
10:14 AM: owner@abetterinternet[1].txt (ID = 2035)
10:14 AM: Found Spy Cookie: about cookie
10:14 AM: owner@about[1].txt (ID = 2037)
10:14 AM: Found Spy Cookie: yieldmanager cookie
10:14 AM: [email protected][2].txt (ID = 3751)
10:14 AM: [email protected][3].txt (ID = 3751)
10:14 AM: Found Spy Cookie: adecn cookie
10:14 AM: owner@adecn[1].txt (ID = 2063)
10:14 AM: Found Spy Cookie: adknowledge cookie
10:14 AM: owner@adknowledge[1].txt (ID = 2072)
10:14 AM: owner@adknowledge[3].txt (ID = 2072)
10:14 AM: Found Spy Cookie: adlegend cookie
10:14 AM: owner@adlegend[1].txt (ID = 2074)
10:14 AM: Found Spy Cookie: hbmediapro cookie
10:14 AM: [email protected][2].txt (ID = 2768)
10:14 AM: [email protected][3].txt (ID = 2768)
10:14 AM: Found Spy Cookie: specificclick.com cookie
10:14 AM: [email protected][1].txt (ID = 3400)
10:14 AM: [email protected][2].txt (ID = 3400)
10:14 AM: Found Spy Cookie: adprofile cookie
10:14 AM: owner@adprofile[2].txt (ID = 2084)
10:14 AM: Found Spy Cookie: adrevolver cookie
10:14 AM: owner@adrevolver[1].txt (ID = 2088)
10:14 AM: owner@adrevolver[2].txt (ID = 2088)
10:14 AM: owner@adrevolver[4].txt (ID = 2088)
10:14 AM: owner@adrevolver[5].txt (ID = 2088)
10:14 AM: Found Spy Cookie: addynamix cookie
10:14 AM: [email protected][1].txt (ID = 2062)
10:14 AM: Found Spy Cookie: cc214142 cookie
10:14 AM: [email protected][1].txt (ID = 2367)
10:14 AM: Found Spy Cookie: cd freaks cookie
10:14 AM: [email protected][2].txt (ID = 2371)
10:14 AM: Found Spy Cookie: pointroll cookie
10:14 AM: [email protected][1].txt (ID = 3148)
10:14 AM: [email protected][3].txt (ID = 3148)
10:14 AM: Found Spy Cookie: revenue.net cookie
10:14 AM: [email protected][1].txt (ID = 3258)
10:14 AM: Found Spy Cookie: adserver cookie
10:14 AM: owner@adserver[1].txt (ID = 2141)
10:14 AM: Found Spy Cookie: adtech cookie
10:14 AM: owner@adtech[2].txt (ID = 2155)
10:14 AM: Found Spy Cookie: adultfriendfinder cookie
10:14 AM: owner@adultfriendfinder[1].txt (ID = 2165)
10:14 AM: owner@adultfriendfinder[2].txt (ID = 2165)
10:14 AM: Found Spy Cookie: adultrevenueservice cookie
10:14 AM: owner@adultrevenueservice[2].txt (ID = 2167)
10:14 AM: Found Spy Cookie: alt cookie
10:14 AM: owner@alt[2].txt (ID = 2217)
10:14 AM: Found Spy Cookie: anm.co.uk cookie
10:14 AM: [email protected][2].txt (ID = 2223)
10:14 AM: Found Spy Cookie: apmebf cookie
10:14 AM: owner@apmebf[2].txt (ID = 2229)
10:14 AM: Found Spy Cookie: falkag cookie
10:14 AM: [email protected][1].txt (ID = 2650)
10:14 AM: [email protected][2].txt (ID = 2650)
10:14 AM: [email protected][1].txt (ID = 2650)
10:14 AM: Found Spy Cookie: ask cookie
10:14 AM: owner@ask[1].txt (ID = 2245)
10:14 AM: owner@ask[3].txt (ID = 2245)
10:14 AM: Found Spy Cookie: belnk cookie
10:14 AM: [email protected][1].txt (ID = 2293)
10:14 AM: [email protected][3].txt (ID = 2293)
10:14 AM: Found Spy Cookie: atwola cookie
10:14 AM: owner@atwola[1].txt (ID = 2255)
10:14 AM: owner@atwola[2].txt (ID = 2255)
10:14 AM: owner@atwola[3].txt (ID = 2255)
10:14 AM: Found Spy Cookie: azjmp cookie
10:14 AM: owner@azjmp[2].txt (ID = 2270)
10:14 AM: owner@azjmp[3].txt (ID = 2270)
10:14 AM: Found Spy Cookie: a cookie
10:14 AM: owner@a[1].txt (ID = 2027)
10:14 AM: owner@a[2].txt (ID = 2027)
10:14 AM: Found Spy Cookie: banners cookie
10:14 AM: owner@banners[1].txt (ID = 2282)
10:14 AM: Found Spy Cookie: banner cookie
10:14 AM: owner@banner[1].txt (ID = 2276)
10:14 AM: owner@banner[3].txt (ID = 2276)
10:14 AM: owner@belnk[1].txt (ID = 2292)
10:14 AM: owner@belnk[2].txt (ID = 2292)
10:14 AM: Found Spy Cookie: bluestreak cookie
10:14 AM: owner@bluestreak[1].txt (ID = 2314)
10:14 AM: owner@bluestreak[2].txt (ID = 2314)
10:14 AM: Found Spy Cookie: bravenet cookie
10:14 AM: owner@bravenet[2].txt (ID = 2322)
10:14 AM: Found Spy Cookie: bs.serving-sys cookie
10:14 AM: [email protected][1].txt (ID = 2330)
10:14 AM: [email protected][3].txt (ID = 2330)
10:14 AM: Found Spy Cookie: btgrab cookie
10:14 AM: [email protected][2].txt (ID = 2333)
10:14 AM: Found Spy Cookie: burstnet cookie
10:14 AM: owner@burstnet[1].txt (ID = 2336)
10:14 AM: [email protected][1].txt (ID = 1958)
10:14 AM: Found Spy Cookie: barelylegal cookie
10:14 AM: [email protected][2].txt (ID = 2286)
10:14 AM: Found Spy Cookie: gostats cookie
10:14 AM: [email protected][2].txt (ID = 2748)
10:14 AM: [email protected][1].txt (ID = 1958)
10:14 AM: Found Spy Cookie: casalemedia cookie
10:14 AM: owner@casalemedia[1].txt (ID = 2354)
10:14 AM: owner@casalemedia[2].txt (ID = 2354)
10:14 AM: owner@cc214142[2].txt (ID = 2366)
10:14 AM: Found Spy Cookie: ccbill cookie
10:14 AM: owner@ccbill[2].txt (ID = 2369)
10:14 AM: owner@cdfreaks[1].txt (ID = 2370)
10:14 AM: Found Spy Cookie: centrport net cookie
10:14 AM: owner@centrport[1].txt (ID = 2374)
10:14 AM: owner@centrport[3].txt (ID = 2374)
10:14 AM: Found Spy Cookie: cgi-win cookie
10:14 AM: owner@cgi-win[2].txt (ID = 2376)
10:14 AM: Found Spy Cookie: commission junction cookie
10:14 AM: owner@cj[1].txt (ID = 2453)
10:14 AM: owner@cj[2].txt (ID = 2453)
10:14 AM: Found Spy Cookie: cliks cookie
10:14 AM: owner@cliks[1].txt (ID = 2414)
10:14 AM: [email protected][1].txt (ID = 2371)
10:14 AM: Found Spy Cookie: clickzs cookie
10:14 AM: [email protected][2].txt (ID = 2413)
10:14 AM: [email protected][1].txt (ID = 2413)
10:14 AM: Found Spy Cookie: overture cookie
10:14 AM: [email protected][1].txt (ID = 3106)
10:14 AM: [email protected][1].txt (ID = 3106)
10:14 AM: [email protected][1].txt (ID = 3106)
10:14 AM: Found Spy Cookie: dealtime cookie
10:14 AM: owner@dealtime[2].txt (ID = 2505)
10:14 AM: Found Spy Cookie: did-it cookie
10:14 AM: owner@did-it[1].txt (ID = 2523)
10:14 AM: [email protected][1].txt (ID = 2293)
10:14 AM: [email protected][3].txt (ID = 2293)
10:14 AM: Found Spy Cookie: ru4 cookie
10:14 AM: [email protected][1].txt (ID = 3269)
10:14 AM: [email protected][3].txt (ID = 3269)
10:14 AM: Found Spy Cookie: engage cookie
10:14 AM: [email protected][2].txt (ID = 2611)
10:14 AM: [email protected][1].txt (ID = 1958)
10:14 AM: Found Spy Cookie: exitexchange cookie
10:14 AM: owner@exitexchange[1].txt (ID = 2633)
10:14 AM: Found Spy Cookie: fastclick cookie
10:14 AM: owner@fastclick[2].txt (ID = 2651)
10:14 AM: Found Spy Cookie: wegcash cookie
10:14 AM: [email protected][2].txt (ID = 3682)
10:14 AM: Found Spy Cookie: gamespy cookie
10:14 AM: owner@gamespy[1].txt (ID = 2719)
10:14 AM: Found Spy Cookie: go2net.com cookie
10:14 AM: owner@go2net[1].txt (ID = 2730)
10:14 AM: owner@gostats[2].txt (ID = 2747)
10:14 AM: owner@go[1].txt (ID = 2728)
10:14 AM: Found Spy Cookie: humanclick cookie
10:14 AM: [email protected][2].txt (ID = 2810)
10:14 AM: Found Spy Cookie: clickandtrack cookie
10:14 AM: [email protected][1].txt (ID = 2397)
10:14 AM: [email protected][2].txt (ID = 2397)
10:14 AM: Found Spy Cookie: homestore cookie
10:14 AM: owner@homestore[1].txt (ID = 2793)
10:14 AM: Found Spy Cookie: hotlog cookie
10:14 AM: owner@hotlog[2].txt (ID = 2801)
10:14 AM: Found Spy Cookie: hotmatch cookie
10:14 AM: owner@hotmatch[1].txt (ID = 3854)
10:14 AM: Found Spy Cookie: howstuffworks cookie
10:14 AM: owner@howstuffworks[1].txt (ID = 2805)
10:14 AM: Found Spy Cookie: hypertracker.com cookie
10:14 AM: owner@hypertracker[2].txt (ID = 2817)
10:14 AM: Found Spy Cookie: ic-live cookie
10:14 AM: owner@ic-live[1].txt (ID = 2821)
10:14 AM: Found Spy Cookie: internetfuel cookie
10:14 AM: owner@internetfuel[2].txt (ID = 2873)
10:14 AM: Found Spy Cookie: kinghost cookie
10:14 AM: owner@kinghost[1].txt (ID = 2903)
10:14 AM: Found Spy Cookie: kmpads cookie
10:14 AM: owner@kmpads[1].txt (ID = 2909)
10:14 AM: owner@kmpads[2].txt (ID = 2909)
10:14 AM: Found Spy Cookie: domainsponsor cookie
10:14 AM: [email protected][1].txt (ID = 2535)
10:14 AM: Found Spy Cookie: maxserving cookie
10:14 AM: owner@maxserving[1].txt (ID = 2966)
10:14 AM: owner@maxserving[3].txt (ID = 2966)
10:14 AM: Found Spy Cookie: metareward.com cookie
10:14 AM: owner@metareward[2].txt (ID = 2990)
10:14 AM: [email protected][1].txt (ID = 1958)
10:14 AM: Found Spy Cookie: mrskin cookie
10:14 AM: owner@mrskin[2].txt (ID = 3020)
10:14 AM: [email protected][1].txt (ID = 1958)
10:14 AM: Found Spy Cookie: mygeek cookie
10:14 AM: owner@mygeek[1].txt (ID = 3041)
10:14 AM: owner@mygeek[2].txt (ID = 3041)
10:14 AM: Found Spy Cookie: nextag cookie
10:14 AM: owner@nextag[2].txt (ID = 5014)
10:14 AM: owner@nextag[3].txt (ID = 5014)
10:14 AM: Found Spy Cookie: offeroptimizer cookie
10:14 AM: owner@offeroptimizer[2].txt (ID = 3087)
10:14 AM: Found Spy Cookie: oinadserve cookie
10:14 AM: owner@oinadserve[2].txt (ID = 3091)
10:14 AM: Found Spy Cookie: okcounter.com cookie
10:14 AM: owner@okcounter[2].txt (ID = 3093)
10:14 AM: owner@overture[2].txt (ID = 3105)
10:14 AM: [email protected][1].txt (ID = 1958)
10:14 AM: Found Spy Cookie: touchclarity cookie
10:14 AM: [email protected][1].txt (ID = 3567)
10:14 AM: Found Spy Cookie: partypoker cookie
10:14 AM: owner@partypoker[2].txt (ID = 3111)
10:14 AM: owner@partypoker[3].txt (ID = 3111)
10:14 AM: Found Spy Cookie: passion cookie
10:14 AM: owner@passion[1].txt (ID = 3113)
10:14 AM: Found Spy Cookie: paycounter cookie
10:14 AM: owner@paycounter[1].txt (ID = 3115)
10:14 AM: owner@paycounter[2].txt (ID = 3115)
10:14 AM: owner@paycounter[4].txt (ID = 3115)
10:14 AM: Found Spy Cookie: paypopup cookie
10:14 AM: owner@paypopup[2].txt (ID = 3119)
10:14 AM: [email protected][1].txt (ID = 3106)
10:14 AM: [email protected][2].txt (ID = 3106)
10:14 AM: [email protected][1].txt (ID = 2038)
10:14 AM: Found Spy Cookie: valuead cookie
10:14 AM: [email protected][2].txt (ID = 3627)
10:14 AM: Found Spy Cookie: pricegrabber cookie
10:14 AM: owner@pricegrabber[2].txt (ID = 3185)
10:14 AM: Found Spy Cookie: qksrv cookie
10:14 AM: owner@qksrv[2].txt (ID = 3213)
10:14 AM: Found Spy Cookie: qsrch cookie
10:14 AM: owner@qsrch[2].txt (ID = 3215)
10:14 AM: Found Spy Cookie: questionmarket cookie
10:14 AM: owner@questionmarket[1].txt (ID = 3217)
10:14 AM: owner@questionmarket[3].txt (ID = 3217)
10:14 AM: Found Spy Cookie: realmedia cookie
10:14 AM: owner@realmedia[1].txt (ID = 3235)
10:14 AM: owner@realmedia[2].txt (ID = 3235)
10:14 AM: [email protected][2].txt (ID = 3627)
10:14 AM: Found Spy Cookie: reunion cookie
10:14 AM: owner@reunion[2].txt (ID = 3255)
10:14 AM: owner@reunion[3].txt (ID = 3255)
10:14 AM: owner@revenue[1].txt (ID = 3257)
10:14 AM: owner@revenue[2].txt (ID = 3257)
10:14 AM: Found Spy Cookie: rn11 cookie
10:14 AM: owner@rn11[2].txt (ID = 3261)
10:14 AM: Found Spy Cookie: adjuggler cookie
10:14 AM: [email protected][1].txt (ID = 2071)
10:14 AM: Found Spy Cookie: search123 cookie
10:14 AM: owner@search123[1].txt (ID = 3305)
10:14 AM: Found Spy Cookie: techtarget cookie
10:14 AM: [email protected][1].txt (ID = 3500)
10:14 AM: Found Spy Cookie: server.iad.liveperson cookie
10:14 AM: [email protected][2].txt (ID = 3341)
10:14 AM: Found Spy Cookie: web-stat cookie
10:14 AM: [email protected][1].txt (ID = 3649)
10:14 AM: Found Spy Cookie: serving-sys cookie
10:14 AM: owner@serving-sys[1].txt (ID = 3343)
10:14 AM: owner@serving-sys[2].txt (ID = 3343)
10:14 AM: Found Spy Cookie: adbureau cookie
10:14 AM: [email protected][2].txt (ID = 2060)
10:14 AM: Found Spy Cookie: socalcoeds.com cookie
10:14 AM: owner@socalcoeds[2].txt (ID = 3393)
10:14 AM: [email protected][1].txt (ID = 1958)
10:14 AM: Found Spy Cookie: spylog cookie
10:14 AM: owner@spylog[1].txt (ID = 3415)
10:14 AM: owner@spylog[2].txt (ID = 3415)
10:14 AM: [email protected][1].txt (ID = 2506)
10:14 AM: Found Spy Cookie: onestat.com cookie
10:14 AM: [email protected][2].txt (ID = 3098)
10:14 AM: Found Spy Cookie: statcounter cookie
10:14 AM: owner@statcounter[1].txt (ID = 3447)
10:14 AM: owner@statcounter[2].txt (ID = 3447)
10:14 AM: Found Spy Cookie: reliablestats cookie
10:14 AM: [email protected][1].txt (ID = 3254)
10:14 AM: [email protected][3].txt (ID = 3254)
10:14 AM: Found Spy Cookie: stiffycash cookie
10:14 AM: owner@stiffycash[2].txt (ID = 3459)
10:14 AM: Found Spy Cookie: stlyrics cookie
10:14 AM: owner@stlyrics[1].txt (ID = 3461)
10:14 AM: Found Spy Cookie: tickle cookie
10:14 AM: owner@tickle[1].txt (ID = 3529)
10:14 AM: Found Spy Cookie: tradedoubler cookie
10:14 AM: owner@tradedoubler[1].txt (ID = 3575)
10:14 AM: owner@tradedoubler[2].txt (ID = 3575)
10:14 AM: Found Spy Cookie: trafficmp cookie
10:14 AM: owner@trafficmp[1].txt (ID = 3581)
10:14 AM: owner@trafficmp[2].txt (ID = 3581)
10:14 AM: Found Spy Cookie: tribalfusion cookie
10:14 AM: owner@tribalfusion[1].txt (ID = 3589)
10:14 AM: owner@tribalfusion[2].txt (ID = 3589)
10:14 AM: Found Spy Cookie: tripod cookie
10:14 AM: owner@tripod[1].txt (ID = 3591)
10:14 AM: owner@tripod[2].txt (ID = 3591)
10:14 AM: owner@valuead[2].txt (ID = 3626)
10:14 AM: Found Spy Cookie: realtracker cookie
10:14 AM: [email protected][2].txt (ID = 3242)
10:14 AM: Found Spy Cookie: webpower cookie
10:14 AM: owner@webpower[1].txt (ID = 3660)
10:14 AM: owner@webpower[3].txt (ID = 3660)
10:14 AM: Found Spy Cookie: adshooter cookie
10:14 AM: [email protected][1].txt (ID = 2150)
10:14 AM: Found Spy Cookie: burstbeacon cookie
10:14 AM: [email protected][2].txt (ID = 2335)
10:14 AM: Found Spy Cookie: clickads cookie
10:14 AM: [email protected][1].txt (ID = 4643)
10:14 AM: Found Spy Cookie: freepassbucks cookie
10:14 AM: [email protected][1].txt (ID = 2702)
10:14 AM: Found Spy Cookie: pollstar cookie
10:14 AM: [email protected][2].txt (ID = 3152)
10:14 AM: [email protected][2].txt (ID = 3186)
10:14 AM: Found Spy Cookie: redzip cookie
10:14 AM: [email protected][1].txt (ID = 3250)
10:14 AM: [email protected][2].txt (ID = 3462)
10:14 AM: Found Spy Cookie: www.stocking-maniacs cookie
10:14 AM: [email protected][2].txt (ID = 3709)
10:14 AM: Found Spy Cookie: superlogy cookie
10:14 AM: [email protected][2].txt (ID = 3470)
10:14 AM: Found Spy Cookie: upspiral cookie
10:14 AM: [email protected][1].txt (ID = 3615)
10:14 AM: Found Spy Cookie: winantiviruspro cookie
10:14 AM: [email protected][2].txt (ID = 3690)
10:14 AM: Found Spy Cookie: xxx69 cookie
10:14 AM: [email protected][1].txt (ID = 3732)
10:14 AM: Found Spy Cookie: xiti cookie
10:14 AM: owner@xiti[1].txt (ID = 3717)
10:14 AM: Found Spy Cookie: xmatch cookie
10:14 AM: owner@xmatch[2].txt (ID = 3719)
10:14 AM: Found Spy Cookie: xren_cj cookie
10:14 AM: owner@xren_cj[1].txt (ID = 3723)
10:14 AM: Found Spy Cookie: xxxcounter cookie
10:14 AM: owner@xxxcounter[1].txt (ID = 3733)
10:14 AM: Found Spy Cookie: yadro cookie
10:14 AM: owner@yadro[1].txt (ID = 3743)
10:14 AM: owner@yieldmanager[1].txt (ID = 3749)
10:14 AM: owner@yieldmanager[3].txt (ID = 3749)
10:14 AM: [email protected][1].txt (ID = 2142)
10:14 AM: [email protected][2].txt (ID = 2142)
10:14 AM: Found Spy Cookie: zedo cookie
10:14 AM: owner@zedo[1].txt (ID = 3762)
10:14 AM: owner@zedo[2].txt (ID = 3762)
10:14 AM: Cookie Sweep Complete, Elapsed Time: 00:00:12
10:14 AM: Starting File Sweep
10:14 AM: Found Adware: bullguard popup ad
10:14 AM: c:\windows\temp\bullguard (ID = -2147476409)
10:14 AM: Found Adware: bookedspace
10:14 AM: c:\windows\cfgmgr52 (88 subtraces) (ID = -2147479590)
10:14 AM: Found Adware: networkessentials
10:14 AM: c:\windows\system32\upd (1 subtraces) (ID = -2147480530)
10:14 AM: Found Trojan Horse: trojan-downloader-procounter.biz
10:14 AM: a0003006.exe (ID = 202700)
10:14 AM: Found Adware: spysheriff
10:14 AM: a0002823.dll (ID = 218019)
10:15 AM: Found Adware: begin2search
10:15 AM: vh e233.ico (ID = 51074)
10:15 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\uninstall\remove pj64 v1.3beta1&2.reg". The system cannot find the path specified
10:15 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\uninstall\remove pj64 v1.3.reg". The system cannot find the path specified
10:15 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\instopl.bat". The system cannot find the path specified
10:15 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\mameopl.sys". The system cannot find the path specified
10:15 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\saveswap.exe". The system cannot find the path specified
10:15 AM: Found Adware: cws_ns3
10:15 AM: ofvhc.dat (ID = 56286)
10:15 AM: Found Trojan Horse: trojan-backdoor-5sec
10:15 AM: a0002889.exe (ID = 232865)
10:15 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\rcp_d3d.ini". The system cannot find the path specified
10:15 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\gremlin.ini". The system cannot find the path specified
10:15 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\jabo_dsound.dll". The system cannot find the path specified
10:15 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\tgb.ini". The system cannot find the path specified
10:16 AM: Found Adware: spysheriff fakealert
10:16 AM: secure32.html (ID = 184319)
10:17 AM: Found Adware: locators toolbar
10:17 AM: lctappend.txt (ID = 65692)
10:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\audiohle.dll". The system cannot find the path specified
10:18 AM: Found Adware: coolwebsearch (cws)
10:18 AM: griverlcs.dll (ID = 54163)
10:18 AM: griverlcb.dll (ID = 54162)
10:20 AM: Found Adware: ist surf accuracy
10:20 AM: bfc8cb80-189a-423a-81fb-c12c4d (ID = 115677)
10:20 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\ip.bin". The system cannot find the path specified
10:20 AM: Found Adware: cydoor peer-to-peer dependency
10:20 AM: cd_clint.dll (ID = 57300)
10:20 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\readme.txt". The system cannot find the path specified
10:20 AM: cdb5c67c-ebb5-4175-a4f1-8a017d (ID = 94928)
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\uninstall\registry location info.txt". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\bug reporting\readme.txt". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\ba-023b\gba.bios". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\ba-023b\pong_fighter_v1.1\pongfighter.gif". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\uninstall\readme.txt". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\game compatibility\whatsnew.txt". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\mame32.cnt". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\cheat codes\readme.txt". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\nrage's input plugin\manual.html". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\smygb02\sgb02jp.exe". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\h110309p\hgb.ini". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\rew12stx\rew.ini". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\smygb02\Évé¦éóâtâhâïâ_\sgb02jp.exe". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\cheat codes\whatsnew.txt". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\dreamgba2_5\gba.bios". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadbance0.9\gba.bios". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\nrage's input plugin\readme.html". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\plugin specs\plugin spec history.txt". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\plugin specs\gfx #1.3.h". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\save\-¦+¦+¦ -»-++¦+¦++.mpk". The system cannot find the path specified
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadbance0.9\readme.txt". The system cannot find the path specified
10:21 AM: Found Adware: exact cashback/bargain buddy
10:21 AM: logo.gif (ID = 52264)
10:21 AM: Found Adware: cws-aboutblank
10:21 AM: 57951862 (ID = 54941)
10:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\nemujp07a.lzh". The system cannot find the path specified
10:21 AM: 53342402 (ID = 54941)
10:21 AM: Found Adware: mediamotor - popuppers
10:21 AM: a0003108.exe (ID = 186213)
10:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\dreamemu.ini". The system cannot find the path specified
10:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\winkawaks.ini". The system cannot find the path specified
10:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\defaultkeyscps.ini". The system cannot find the path specified
10:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\h110309p.zip". The system cannot find the path specified
10:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\sample_ini_files.zip". The system cannot find the path specified
10:22 AM: mpska.log (ID = 56717)
10:22 AM: wumbr.txt (ID = 56717)
10:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\dega.txt". The system cannot find the path specified
10:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\â[âïâ_~1.sra". The system cannot find the path specified
10:22 AM: Found Adware: trojan-downloader-exfol
10:22 AM: a0002817.exe (ID = 205698)
10:23 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\readme.txt". The system cannot find the path specified
10:23 AM: Found Adware: cas
10:23 AM: a0005865.exe (ID = 215845)
10:23 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\readme.txt". The system cannot find the path specified
10:23 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\kailleraclient.dll". The system cannot find the path specified
10:23 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\kailleraclient.dll". The system cannot find the path specified
10:23 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\defaultkeysmvs.ini". The system cannot find the path specified
10:23 AM: Found Trojan Horse: trojan-backdoor-satellite
10:23 AM: a0002845.exe (ID = 217726)
10:23 AM: Found Trojan Horse: trojan-backdoor-securemulti
10:23 AM: a0002999.exe (ID = 211843)
10:23 AM: a0003005.exe (ID = 211843)
10:23 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\ba-023b\readme.txt". The system cannot find the path specified
10:23 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\pca\pca.dll". The system cannot find the path specified
10:23 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.02\dreamemu.ini". The system cannot find the path specified
10:23 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\readme.txt". The system cannot find the path specified
10:24 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\kailleraclient.dll". The system cannot find the path specified
10:24 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\vgba1.0r\vgba.html". The system cannot find the path specified
10:24 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual.zip". The system cannot find the path specified
10:24 AM: Found Adware: 180search assistant/zango
10:24 AM: salm_gdf.dat (ID = 93789)
10:24 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\whatsnew32.txt". The system cannot find the path specified
10:24 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\basic audio plugin.dll". The system cannot find the path specified
10:24 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\éfü[é¦é¦ü[ü(ü@lemonedû=.txt". The system cannot find the path specified
10:24 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\faq.txt". The system cannot find the path specified
10:24 AM: Found Adware: ieplugin
10:24 AM: odbcinst(22).ini:twouk (ID = 63390)
10:24 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\smygb02\Évé¦éóâtâhâïâ_\ô·û{îoë+âpâbâ`é+é-éóé-üb.txt". The system cannot find the path specified
10:25 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\uninstall\remove pj64 v1.2.reg". The system cannot find the path specified
10:25 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\uninstall\remove pj64 v1.2beta.reg". The system cannot find the path specified
10:25 AM: Found Trojan Horse: trojan_downloader_harnig
10:25 AM: a0003058.exe (ID = 217730)
10:25 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\smygb02.zip". The system cannot find the path specified
10:25 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\basic keyboard plugin.dll". The system cannot find the path specified
10:25 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\docs\compat.txt". The system cannot find the path specified
10:25 AM: Found Adware: safeguard protect
10:25 AM: sfg.lib (ID = 193695)
10:25 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\ba-023b\boycottadvance.ini". The system cannot find the path specified
10:25 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\rew12stx.zip". The system cannot find the path specified
10:25 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64.zip". The system cannot find the path specified
10:26 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\zilmar_audio.dll". The system cannot find the path specified
10:26 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\tr64_ogl.ini". The system cannot find the path specified
10:26 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\hebowin\hebowin.ini". The system cannot find the path specified
10:26 AM: odbcinst(21).ini:twouk (ID = 63390)
10:26 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadbance0.9\vba_jpn.dll". The system cannot find the path specified
10:26 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\defaultwinkawaksini.zip". The system cannot find the path specified
10:26 AM: ofrxx.txt (ID = 56717)
10:26 AM: Found Trojan Horse: komforochka smtp relay
10:26 AM: a0002832.exe (ID = 202812)
10:26 AM: Found Trojan Horse: trojan-downloader-infectedhost
10:26 AM: a0002833.dll (ID = 201334)
10:27 AM: a0002839.exe (ID = 219801)
10:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadbance0.9\vba_jpn_0.9.zip". The system cannot find the path specified
10:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\1st_read.bin". The system cannot find the path specified
10:27 AM: Found Trojan Horse: trojan-downloader-fakemsn
10:27 AM: msn.dll (ID = 80501)
10:27 AM: a0003004.exe (ID = 217730)
10:27 AM: a0003112.exe (ID = 217682)
10:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\plugins\audiohle_demo.dll". The system cannot find the path specified
10:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\whatsnew.txt". The system cannot find the path specified
10:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\save\the legend of zelda.sra". The system cannot find the path specified
10:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\whatsnew.txt". The system cannot find the path specified
10:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\zlib.dll". The system cannot find the path specified
10:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\info2". The system cannot find the path specified
10:28 AM: gwejr.log (ID = 56717)
10:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\audiohle2.dll". The system cannot find the path specified
10:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\advanced_users.txt". The system cannot find the path specified
10:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\b64_inp.dll". The system cannot find the path specified
10:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\no sound.dll". The system cannot find the path specified
10:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\basic keyboard plugin.dll". The system cannot find the path specified
10:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\cfb.dll". The system cannot find the path specified
10:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\exe.exe". The system cannot find the path specified
10:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\no sound.dll". The system cannot find the path specified
10:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\zlib.dll". The system cannot find the path specified
10:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\no sound.dll". The system cannot find the path specified
10:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b.zip". The system cannot find the path specified
10:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\nemu64.ini". The system cannot find the path specified
10:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\video.exe". The system cannot find the path specified
10:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\input.exe". The system cannot find the path specified
10:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\audio.exe". The system cannot find the path specified
10:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\game compatibility\readme.txt". The system cannot find the path specified
10:29 AM: a0002818.exe (ID = 217676)
10:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\plugins\lrdcndi8.dll". The system cannot find the path specified
10:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\audiohle.dll". The system cannot find the path specified
10:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\jabo_dinput.dll". The system cannot find the path specified
10:29 AM: a0002821.dll (ID = 218017)
10:29 AM: a0002822.dll (ID = 218018)
10:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\igbabeta8b.zip". The system cannot find the path specified
10:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\tr64_wip5_666.zip". The system cannot find the path specified
10:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\tr64_audio_dummy.dll". The system cannot find the path specified
10:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\visualboy\vboy1412j.zip". The system cannot find the path specified
10:29 AM: a0002825.exe (ID = 218022)
10:29 AM: Found Trojan Horse: trojan-downloader-badgirls
10:29 AM: a0003040.exe (ID = 194546)
10:29 AM: Found Adware: purityscan
10:29 AM: 057d975c-8e2b-4325-9498-174f82 (ID = 73158)
10:30 AM: Found Adware: clkoptimizer
10:30 AM: tm41413.exe (ID = 198156)
10:30 AM: a0003115.dll (ID = 220754)
10:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\tr64_adaptoid.dll". The system cannot find the path specified
10:30 AM: a0006352.dll (ID = 54941)
10:30 AM: Found Adware: rsync
10:30 AM: installerv36.exe (ID = 74214)
10:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\1964ogl.dll". The system cannot find the path specified
10:30 AM: a0003724.exe (ID = 217698)
10:31 AM: a0006445.dll (ID = 54941)
10:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\basic audio plugin.dll". The system cannot find the path specified
10:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\jabo_opengl.dll". The system cannot find the path specified
10:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\nrage_dinput8.dll". The system cannot find the path specified
10:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\zlib.dll". The system cannot find the path specified
10:31 AM: tm50818.exe (ID = 198156)
10:31 AM: tm45548.exe (ID = 198156)
10:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\translations\readme.txt". The system cannot find the path specified
10:31 AM: 5387b8f6-00ad-44d0-b011-9c99ad (ID = 50571)
10:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\dreamgba2_5\gbasaver.dat". The system cannot find the path specified
10:32 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03.zip". The system cannot find the path specified
10:32 AM: a0002819.dll (ID = 218015)
10:32 AM: Found Adware: azsearch toolbar
10:32 AM: a0002850.dll (ID = 134099)
10:32 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\ba-023b.zip". The system cannot find the path specified
10:32 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\dreamgba2_5\dreamgba_readmec.htm". The system cannot find the path specified
10:32 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamer002b.zip". The system cannot find the path specified
10:32 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\tgb_dual.exe". The system cannot find the path specified
10:32 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\docs\gbddk.txt". The system cannot find the path specified
10:32 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\docs\netplay.txt". The system cannot find the path specified
10:32 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\dreamgba2_5\dreamgba_readmee.htm". The system cannot find the path specified
10:32 AM: a0002737.exe (ID = 217730)
10:32 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\docs\history.txt". The system cannot find the path specified
10:33 AM: kb824146.log:bxsii (ID = 56717)
10:33 AM: a0002849.dll (ID = 210149)
10:33 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\dist.txt". The system cannot find the path specified
10:33 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\noote_di.txt". The system cannot find the path specified
10:33 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadvance-0.9a.zip". The system cannot find the path specified
10:33 AM: a0002820.dll (ID = 218016)
10:33 AM: odbcinst(19).ini:twouk (ID = 63390)
10:33 AM: odbcinst(2).ini:twouk (ID = 63390)
10:33 AM: odbcinst(18).ini:twouk (ID = 63390)
10:34 AM: odbcinst(16).ini:twouk (ID = 63390)
10:34 AM: odbcinst(15).ini:twouk (ID = 63390)
10:34 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\pca\readme.txt". The system cannot find the path specified
10:34 AM: odbcinst(14).ini:twouk (ID = 63390)
10:34 AM: tool3[1].txt (ID = 232853)
10:34 AM: tm38277.exe (ID = 198156)
10:34 AM: odbcinst(13).ini:twouk (ID = 63390)
10:34 AM: odbcinst(12).ini:twouk (ID = 63390)
10:35 AM: Found Adware: whenu savenow
10:35 AM: 84ce87cf-3a23-41d8-bf90-9787b2 (ID = 127161)
10:35 AM: Found Adware: whenu searchbar/pricebandit
10:35 AM: 843db6eb-645e-44d8-bac1-8d2923 (ID = 129805)
10:35 AM: 026c1219-d86f-4f61-8240-be57ad (ID = 129801)
10:36 AM: odbcinst(11).ini:twouk (ID = 63390)
10:36 AM: odbcinst(10).ini:twouk (ID = 63390)
10:36 AM: odbcinst(9).ini:twouk (ID = 63390)
10:36 AM: odbcinst(8).ini:twouk (ID = 63390)
10:36 AM: a0002713.exe (ID = 232865)
10:36 AM: a0002735.exe (ID = 194546)
10:36 AM: odbcinst(7).ini:twouk (ID = 63390)
10:36 AM: a0002736.exe (ID = 194546)
10:36 AM: 782449bf-9f96-4b31-ab8f-c13db5 (ID = 129799)
10:36 AM: a0003111.dll (ID = 148640)
10:36 AM: Found Trojan Horse: trojan-downloader-hebeeaac
10:36 AM: a0003722.exe (ID = 217732)
10:37 AM: a0002738.exe (ID = 202700)
10:37 AM: Found Trojan Horse: trojan-backdoor-core.psyche-evolution.com
10:37 AM: a0006144.dll (ID = 217328)
10:37 AM: ztoolbar[1].xml (ID = 50365)
10:37 AM: f8b3c6fd-32ac-473f-ae0e-8206aa (ID = 52239)
10:37 AM: e2038bf8-8570-410d-a54d-38ecc9 (ID = 52237)
10:37 AM: a0006312.exe (ID = 54941)
10:37 AM: Found Trojan Horse: trojan-downloader-silly
10:37 AM: a0002836.dll (ID = 80929)
10:37 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\readme32.txt". The system cannot find the path specified
10:37 AM: a0003113.exe (ID = 217698)
10:37 AM: a0002830.exe (ID = 203593)
10:37 AM: a0002834.exe (ID = 203593)
10:37 AM: Found Trojan Horse: trojan-downloader-vxiframe
10:37 AM: a0002840.exe (ID = 107123)
10:37 AM: a0006145.dll (ID = 217525)
10:37 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\mameopl.inf". The system cannot find the path specified
10:37 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\snap\bkground.bmp". The system cannot find the path specified
10:38 AM: Found Trojan Horse: trojan-downloader-burgostar
10:38 AM: a0003114.exe (ID = 233131)
10:38 AM: Found Adware: icannnews
10:38 AM: installer.exe (ID = 115471)
10:39 AM: fcf941dc-5a32-4854-a826-d4666e (ID = 52238)
10:40 AM: a0003110.exe (ID = 202700)
10:40 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\rew12stx\rew.exe". The system cannot find the path specified
10:41 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\project64.rdb". The system cannot find the path specified
10:41 AM: Found Adware: members area dialer
10:41 AM: a0003723.exe (ID = 217679)
10:41 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\readme.txt". The system cannot find the path specified
10:41 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\copying.txt". The system cannot find the path specified
10:41 AM: Found Adware: sicro dialer
10:41 AM: switchagreement.txt (ID = 76024)
10:41 AM: a0002841.exe (ID = 204548)
10:41 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\info.txt". The system cannot find the path specified
10:41 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\readme.txt". The system cannot find the path specified
10:41 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\docs\localization.txt". The system cannot find the path specified
10:41 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\docs\debugger.txt". The system cannot find the path specified
10:41 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\docs\changes.txt". The system cannot find the path specified
10:41 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\input\adaptoid.din". The system cannot find the path specified
10:42 AM: setupzmp.dll (ID = 55525)
10:42 AM: 4180969a-7a52-4944-9002-bc504d (ID = 93789)
10:43 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadbance0.9\visualboyadvance0.9.exe". The system cannot find the path specified
10:43 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadbance0.9\visualboyadvance0.9.rpt". The system cannot find the path specified
10:43 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\1964.ini". The system cannot find the path specified
10:43 AM: b7277ba0-ee72-4f61-861e-2c21e5 (ID = 129770)
10:43 AM: Found Adware: webrebates
10:43 AM: 23ee1960-2351-4175-b5b2-75fb4f (ID = 119871)
10:44 AM: a0002842.exe (ID = 107123)
10:45 AM: a0003007.exe (ID = 210321)
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\crysta~1.sav". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\shots\thesim~2_000.png". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\desert~1.sav". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\shots\bigwar~1_000.png". The system cannot find the path specified
10:45 AM: a0003109.ocx (ID = 186211)
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\dreame~1.sav". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\rew12stx\rew.txt". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\kineti~1.sav". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\smygb02\readmec.txt". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\lastbi~1.sav". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\smygb02\readmee.txt". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\lunar(~1.sav". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\docs\par.txt". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\magica~1.sav". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\visualboy\faq.txt". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\shadam~1.sav". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\visualboy\readme.txt". The system cannot find the path specified
10:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\support.htm". The system cannot find the path specified
10:45 AM: a0003002.exe (ID = 194546)
10:46 AM: Found Trojan Horse: trojan-downloader-asdbiz.biz
10:46 AM: a0003725.exe (ID = 80237)
10:46 AM: b9046ee8-7411-4241-869e-a21c48 (ID = 161460)
10:46 AM: q810833.log:jifbp (ID = 56717)
10:46 AM: Found Adware: trojan-downloader-evko.biz
10:46 AM: a0002843.exe (ID = 217733)
10:46 AM: a0002844.exe (ID = 197844)
10:46 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\dreamemu_800x600.bmp". The system cannot find the path specified
10:46 AM: a0002714.exe (ID = 217730)
10:46 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\docs\copying-2.0.txt". The system cannot find the path specified
10:47 AM: Found Adware: quicklink search toolbar
10:47 AM: 4784222c-08c4-4c48-bac2-3efe3d (ID = 73425)
10:47 AM: Found Trojan Horse: trojan-backdoor-haxdoor
10:47 AM: a0002846.exe (ID = 192965)
10:47 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\19xx.lst". The system cannot find the path specified
10:47 AM: Found Adware: superlogy search hijacker
10:47 AM: a0002709.exe (ID = 205426)
10:48 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\docs\readme.txt". The system cannot find the path specified
10:48 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\hebowin\readme.txt". The system cannot find the path specified
10:48 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\neoragex.zip". The system cannot find the path specified
10:48 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\dreamgbc\readme_c.txt". The system cannot find the path specified
10:48 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\dreamgbc\readme_e.txt". The system cannot find the path specified
10:48 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\avsp.lst". The system cannot find the path specified
10:48 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\dstlk.lst". The system cannot find the path specified
10:48 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\msh.lst". The system cannot find the path specified
10:48 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\mshvsf.lst". The system cannot find the path specified
10:48 AM: a0002848.exe (ID = 209695)
10:48 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\pca.zip". The system cannot find the path specified
10:49 AM: a0003056.exe (ID = 194546)
10:50 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\readme.txt". The
  • 0

#4
Wizard
Posted 16 January 2006 - 07:30 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
I have to agree with ya there,Spy Sweeper is an excellent program.

Apparently the log got cut off,so if you will,check Spy Sweeper for Updates and run another scan.

Save the log just as before and post it along with a fresh HijackThis log.
  • 0

#5
Chromo
Posted 17 January 2006 - 08:40 AM

Chromo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
********
11:37 PM: | Start of Session, Monday, January 16, 2006 |
11:37 PM: Spy Sweeper started
11:37 PM: Sweep initiated using definitions version 602
11:37 PM: Starting Memory Sweep
11:39 PM: Memory Sweep Complete, Elapsed Time: 00:02:25
11:39 PM: Starting Registry Sweep
11:39 PM: Registry Sweep Complete, Elapsed Time:00:00:14
11:40 PM: Starting Cookie Sweep
11:40 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:40 PM: Starting File Sweep
11:40 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\uninstall\remove pj64 v1.3beta1&2.reg". The system cannot find the path specified
11:40 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\uninstall\remove pj64 v1.3.reg". The system cannot find the path specified
11:40 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\instopl.bat". The system cannot find the path specified
11:40 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\mameopl.sys". The system cannot find the path specified
11:41 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\saveswap.exe". The system cannot find the path specified
11:41 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\rcp_d3d.ini". The system cannot find the path specified
11:41 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\gremlin.ini". The system cannot find the path specified
11:41 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\jabo_dsound.dll". The system cannot find the path specified
11:41 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\tgb.ini". The system cannot find the path specified
11:42 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\audiohle.dll". The system cannot find the path specified
11:43 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\ip.bin". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\readme.txt". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\uninstall\registry location info.txt". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\bug reporting\readme.txt". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\ba-023b\gba.bios". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\ba-023b\pong_fighter_v1.1\pongfighter.gif". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\uninstall\readme.txt". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\game compatibility\whatsnew.txt". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\mame32.cnt". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\cheat codes\readme.txt". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\nrage's input plugin\manual.html". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\smygb02\sgb02jp.exe". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\h110309p\hgb.ini". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\rew12stx\rew.ini". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\smygb02\Évé¦éóâtâhâïâ_\sgb02jp.exe". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\cheat codes\whatsnew.txt". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\dreamgba2_5\gba.bios". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadbance0.9\gba.bios". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\nrage's input plugin\readme.html". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\plugin specs\plugin spec history.txt". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\plugin specs\gfx #1.3.h". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\save\-¦+¦+¦ -»-++¦+¦++.mpk". The system cannot find the path specified
11:44 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadbance0.9\readme.txt". The system cannot find the path specified
11:45 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\nemujp07a.lzh". The system cannot find the path specified
11:45 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\dreamemu.ini". The system cannot find the path specified
11:45 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\winkawaks.ini". The system cannot find the path specified
11:45 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\defaultkeyscps.ini". The system cannot find the path specified
11:45 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\h110309p.zip". The system cannot find the path specified
11:45 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\sample_ini_files.zip". The system cannot find the path specified
11:46 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\dega.txt". The system cannot find the path specified
11:46 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\â[âïâ_~1.sra". The system cannot find the path specified
11:46 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\readme.txt". The system cannot find the path specified
11:47 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\readme.txt". The system cannot find the path specified
11:47 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\kailleraclient.dll". The system cannot find the path specified
11:47 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\kailleraclient.dll". The system cannot find the path specified
11:47 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\defaultkeysmvs.ini". The system cannot find the path specified
11:47 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\ba-023b\readme.txt". The system cannot find the path specified
11:47 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\pca\pca.dll". The system cannot find the path specified
11:47 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.02\dreamemu.ini". The system cannot find the path specified
11:47 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\readme.txt". The system cannot find the path specified
11:47 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\kailleraclient.dll". The system cannot find the path specified
11:48 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\vgba1.0r\vgba.html". The system cannot find the path specified
11:48 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual.zip". The system cannot find the path specified
11:48 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\whatsnew32.txt". The system cannot find the path specified
11:48 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\basic audio plugin.dll". The system cannot find the path specified
11:48 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\éfü[é¦é¦ü[ü(ü@lemonedû=.txt". The system cannot find the path specified
11:48 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\faq.txt". The system cannot find the path specified
11:49 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\smygb02\Évé¦éóâtâhâïâ_\ô·û{îoë+âpâbâ`é+é-éóé-üb.txt". The system cannot find the path specified
11:49 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\uninstall\remove pj64 v1.2.reg". The system cannot find the path specified
11:49 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\uninstall\remove pj64 v1.2beta.reg". The system cannot find the path specified
11:49 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\smygb02.zip". The system cannot find the path specified
11:49 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\basic keyboard plugin.dll". The system cannot find the path specified
11:49 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\docs\compat.txt". The system cannot find the path specified
11:49 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\ba-023b\boycottadvance.ini". The system cannot find the path specified
11:49 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\rew12stx.zip". The system cannot find the path specified
11:50 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64.zip". The system cannot find the path specified
11:50 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\zilmar_audio.dll". The system cannot find the path specified
11:50 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\tr64_ogl.ini". The system cannot find the path specified
11:50 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\hebowin\hebowin.ini". The system cannot find the path specified
11:50 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadbance0.9\vba_jpn.dll". The system cannot find the path specified
11:51 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\defaultwinkawaksini.zip". The system cannot find the path specified
11:52 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadbance0.9\vba_jpn_0.9.zip". The system cannot find the path specified
11:52 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\1st_read.bin". The system cannot find the path specified
11:52 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\plugins\audiohle_demo.dll". The system cannot find the path specified
11:52 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\whatsnew.txt". The system cannot find the path specified
11:52 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\save\the legend of zelda.sra". The system cannot find the path specified
11:52 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\whatsnew.txt". The system cannot find the path specified
11:52 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\zlib.dll". The system cannot find the path specified
11:53 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\info2". The system cannot find the path specified
11:53 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\audiohle2.dll". The system cannot find the path specified
11:53 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\advanced_users.txt". The system cannot find the path specified
11:53 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\b64_inp.dll". The system cannot find the path specified
11:53 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\no sound.dll". The system cannot find the path specified
11:53 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\basic keyboard plugin.dll". The system cannot find the path specified
11:53 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\cfb.dll". The system cannot find the path specified
11:53 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\exe.exe". The system cannot find the path specified
11:53 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\no sound.dll". The system cannot find the path specified
11:54 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\zlib.dll". The system cannot find the path specified
11:54 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\no sound.dll". The system cannot find the path specified
11:54 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b.zip". The system cannot find the path specified
11:54 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\nemu64.ini". The system cannot find the path specified
11:54 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\video.exe". The system cannot find the path specified
11:54 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\input.exe". The system cannot find the path specified
11:54 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\audio.exe". The system cannot find the path specified
11:54 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\game compatibility\readme.txt". The system cannot find the path specified
11:54 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\plugins\lrdcndi8.dll". The system cannot find the path specified
11:54 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\audiohle.dll". The system cannot find the path specified
11:55 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\jabo_dinput.dll". The system cannot find the path specified
11:55 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\igbabeta8b.zip". The system cannot find the path specified
11:55 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\tr64_wip5_666.zip". The system cannot find the path specified
11:55 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\tr64_audio_dummy.dll". The system cannot find the path specified
11:55 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\visualboy\vboy1412j.zip". The system cannot find the path specified
11:56 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\tr64_adaptoid.dll". The system cannot find the path specified
11:57 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\1964ogl.dll". The system cannot find the path specified
11:57 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\basic audio plugin.dll". The system cannot find the path specified
11:57 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\jabo_opengl.dll". The system cannot find the path specified
11:57 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\nrage_dinput8.dll". The system cannot find the path specified
11:57 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\zlib.dll". The system cannot find the path specified
11:57 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\translations\readme.txt". The system cannot find the path specified
11:58 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\dreamgba2_5\gbasaver.dat". The system cannot find the path specified
11:58 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03.zip". The system cannot find the path specified
11:59 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\ba-023b.zip". The system cannot find the path specified
11:59 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\dreamgba2_5\dreamgba_readmec.htm". The system cannot find the path specified
11:59 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamer002b.zip". The system cannot find the path specified
11:59 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\tgb_dual.exe". The system cannot find the path specified
11:59 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\docs\gbddk.txt". The system cannot find the path specified
11:59 PM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\docs\netplay.txt". The system cannot find the path specified
12:00 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\dreamgba2_5\dreamgba_readmee.htm". The system cannot find the path specified
12:00 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\docs\history.txt". The system cannot find the path specified
12:00 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\dist.txt". The system cannot find the path specified
12:00 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\noote_di.txt". The system cannot find the path specified
12:01 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadvance-0.9a.zip". The system cannot find the path specified
12:02 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\pca\readme.txt". The system cannot find the path specified
12:07 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\readme32.txt". The system cannot find the path specified
12:08 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\mameopl.inf". The system cannot find the path specified
12:08 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\snap\bkground.bmp". The system cannot find the path specified
12:12 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\rew12stx\rew.exe". The system cannot find the path specified
12:12 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\project64.rdb". The system cannot find the path specified
12:12 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\readme.txt". The system cannot find the path specified
12:12 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\copying.txt". The system cannot find the path specified
12:13 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\info.txt". The system cannot find the path specified
12:13 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\readme.txt". The system cannot find the path specified
12:13 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\docs\localization.txt". The system cannot find the path specified
12:13 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\docs\debugger.txt". The system cannot find the path specified
12:13 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\docs\changes.txt". The system cannot find the path specified
12:13 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\input\adaptoid.din". The system cannot find the path specified
12:15 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadbance0.9\visualboyadvance0.9.exe". The system cannot find the path specified
12:15 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadbance0.9\visualboyadvance0.9.rpt". The system cannot find the path specified
12:15 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\1964.ini". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\crysta~1.sav". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\shots\thesim~2_000.png". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\desert~1.sav". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\shots\bigwar~1_000.png". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\dreame~1.sav". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\rew12stx\rew.txt". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\kineti~1.sav". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\smygb02\readmec.txt". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\lastbi~1.sav". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\smygb02\readmee.txt". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\lunar(~1.sav". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\docs\par.txt". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\magica~1.sav". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\visualboy\faq.txt". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\shadam~1.sav". The system cannot find the path specified
12:18 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\visualboy\readme.txt". The system cannot find the path specified
12:19 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\support.htm". The system cannot find the path specified
12:20 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\dreamemu_800x600.bmp". The system cannot find the path specified
12:20 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\docs\copying-2.0.txt". The system cannot find the path specified
12:21 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\19xx.lst". The system cannot find the path specified
12:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\docs\readme.txt". The system cannot find the path specified
12:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\hebowin\readme.txt". The system cannot find the path specified
12:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\neoragex.zip". The system cannot find the path specified
12:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\dreamgbc\readme_c.txt". The system cannot find the path specified
12:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\dreamgbc\readme_e.txt". The system cannot find the path specified
12:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\avsp.lst". The system cannot find the path specified
12:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\dstlk.lst". The system cannot find the path specified
12:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\msh.lst". The system cannot find the path specified
12:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\mshvsf.lst". The system cannot find the path specified
12:22 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\pca.zip". The system cannot find the path specified
12:25 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\readme.txt". The system cannot find the path specified
12:25 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a.zip". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\visualboy.zip". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\ba-023b\pong_fighter_v1.1\pongfighter.htm". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\dega.exe". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\object.txt". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\swedish.lng". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\russian.lng". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\greek.lng". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\serbian.lng". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\kaillera.txt". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\korean.lng". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\chinese(simp).lng". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.02.zip". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\midas.txt". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2.zip". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\dreamgbc\dreamgbc.exe". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\1964cheatcode.dat". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\rcp_d3d.dll". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\nemu07ajp.exe". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\save\kirby64.sra". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\rcp_d3d.dll". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\midas11.dll". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\midas11.dll". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\spf2t.lst". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\readme.txt". The system cannot find the path specified
12:27 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\plugins\ô·û{îoû=.txt". The system cannot find the path specified
12:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\vgba v1.0.zip". The system cannot find the path specified
12:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\plugins\readme-lrdcndi8.txt". The system cannot find the path specified
12:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\dreamgba2_5.zip". The system cannot find the path specified
12:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64beta.zip". The system cannot find the path specified
12:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\plugins\plugins_readme.txt". The system cannot find the path specified
12:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\snap\bkground.bmp". The system cannot find the path specified
12:28 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\visualboyadbance0.9\copyright.txt". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\german.lng". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\italian.lng". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\chinese(big5).lng". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108.zip". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9.zip". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\docs\credits.txt". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\translations\whatsnew.txt". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\whatsnew.txt". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\daedalus.ini". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\plugin\noote_di.dll". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\sjrinput.dll". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\jabo_direct3d.dll". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\plugin\rsp.dll". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\video.dll". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\audio.dll". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\tr64_audio_u0.dll". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\tr64_inp.dll". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\tr64_audio.dll". The system cannot find the path specified
12:29 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\jabodirect3d.dll". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\tr64_audio_u1.dll". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\romcmp.exe". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\zip32.dll". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\i gba\igba.exe". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\dreamgba2_5\dgbacfg.exe". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\âhâëéª~1.sav". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\nmamex2.cfg". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\nmx2cfg\guiback.cfg". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\batcirj.lst". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\sfa.lst". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\sfa2.lst". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\sfa3.lst". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\csclubj.lst". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\ssf2.lst". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\vsav.lst". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\xmcota.lst". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\xmvsf.lst". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\cybotsj.lst". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\h110309p\hgb.exe". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\project64.lng". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\nmx2cfg\gameback.cfg". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\jukebox.txt". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\japanese.lng". The system cannot find the path specified
12:30 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\catalan.lng". The system cannot find the path specified
12:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\ddtod.lst". The system cannot find the path specified
12:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\ecofghtr.lst". The system cannot find the path specified
12:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\tracklst\ringdest.lst". The system cannot find the path specified
12:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\brazilian portuguese.lng". The system cannot find the path specified
12:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\nmx2cfg\games.cfg". The system cannot find the path specified
12:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\english.lng". The system cannot find the path specified
12:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\french.lng". The system cannot find the path specified
12:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\docs\readme.txt". The system cannot find the path specified
12:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gg\dega108\saves\bigwar~1.sav". The system cannot find the path specified
12:31 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\pca\pca.exe". The system cannot find the path specified
12:32 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\ba-023b\pong_fighter_v1.1\pong fighter v1.1.gba". The system cannot find the path specified
12:32 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\whatsnew.txt". The system cannot find the path specified
12:32 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\dreamgbc2000finalbeta5.zip". The system cannot find the path specified
12:33 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\hebrew.lng". The system cannot find the path specified
12:33 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\spanish.lng". The system cannot find the path specified
12:33 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\lang\l33t.lng". The system cannot find the path specified
12:33 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\audiohle.dll". The system cannot find the path specified
12:33 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\smygb02\Évé¦éóâtâhâïâ_\sgb02jp.lzh". The system cannot find the path specified
12:33 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.02\readme.txt". The system cannot find the path specified
12:33 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\i gba\readme.html". The system cannot find the path specified
12:34 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\hebowin\hebowin.exe". The system cannot find the path specified
12:34 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\dreamgba2_5\dreamgba.exe". The system cannot find the path specified
12:34 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\project64.cht". The system cannot find the path specified
12:37 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\1964_071\1964.exe". The system cannot find the path specified
12:38 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\stars.srec". The system cannot find the path specified
12:39 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\winkawaks138\winkawaks.exe". The system cannot find the path specified
12:40 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\hebowin.zip". The system cannot find the path specified
12:40 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\project64\project64.exe". The system cannot find the path specified
12:42 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\darius force (j).zst". The system cannot find the path specified
12:42 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\mame32.hlp". The system cannot find the path specified
12:45 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\nemu.exe". The system cannot find the path specified
12:46 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\daedalus_0.07b\daedalus.exe". The system cannot find the path specified
12:46 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\r-type 3 (u).zst". The system cannot find the path specified
12:47 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\plugin\tr64_ogl.dll". The system cannot find the path specified
12:47 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\video.dll". The system cannot find the path specified
12:47 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\ba-023b\boycottadvance.exe". The system cannot find the path specified
12:47 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.02\dreamemu.exe". The system cannot find the path specified
12:49 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\visualboy\visualboy.exe". The system cannot find the path specified
12:49 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\sound.dll". The system cannot find the path specified
12:49 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\dreamemu_dbgr.exe". The system cannot find the path specified
12:50 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\dreamemu.exe". The system cannot find the path specified
12:50 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\gremlin64\gremlin64 beta.exe". The system cannot find the path specified
12:50 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\64\nemu07a\input.dll". The system cannot find the path specified
12:50 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\vgba1.0r\vgba.exe". The system cannot find the path specified
12:54 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\nmamex2\nmamex2.exe". The system cannot find the path specified
12:54 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\bs f-zero 2 (j).smc". The system cannot find the path specified
12:54 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\megadrive\dgen\dgen.exe". The system cannot find the path specified
12:55 AM: Warning: Failed to open file "c:\recycler\
  • 0

#6
Chromo
Posted 17 January 2006 - 08:47 AM

Chromo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
it seems to be to big.... i can try to post the rest of it.

12:55 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\dreamgbc\ccfg.exe". The system cannot find the path specified
12:55 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\dreamgbc\dreamgbc loader.exe". The system cannot find the path specified
12:56 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\visualboy\vboy1412j\vboy1412j.exe". The system cannot find the path specified
12:56 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\tgbdual\devices\tgbr_dll.dll". The system cannot find the path specified
12:56 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gb\smygb02\smygb.exe". The system cannot find the path specified
12:56 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\dc\dreamemu 0.03\s3m\e-79014.s3m". The system cannot find the path specified
1:01 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\mame\mame32b-037b9\mame32.exe". The system cannot find the path specified
1:01 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\r-type 3 (u).smc". The system cannot find the path specified
1:01 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\chrono trigger (u).smc". The system cannot find the path specified
1:02 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\darius force (j).smc". The system cannot find the path specified
1:10 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\chrono trigger (u).srm". The system cannot find the path specified
1:10 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\star fox competition - weekend edition (u).srm". The system cannot find the path specified
1:10 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\ultima vii - the black gate (u).srm". The system cannot find the path specified
1:12 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\pocky & rocky 2 (us) (6254).smc". The system cannot find the path specified
1:12 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\run saber (u).smc". The system cannot find the path specified
1:12 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\metal marines (e).smc". The system cannot find the path specified
1:12 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\raiden trad (u).smc". The system cannot find the path specified
1:12 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\darius twin (e).smc". The system cannot find the path specified
1:12 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\star fox competition - weekend edition (u).smc". The system cannot find the path specified
1:15 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc2\ultima vii - the black gate (u).smc". The system cannot find the path specified
1:15 AM: Warning: Failed to open file "c:\recycler\5-21-1391513437-1676214903-602830706-1003\dc1\gba\dreamgba2_5\rom". The system cannot find the path specified
1:22 AM: Warning: Unhandled Archive Type
1:23 AM: File Sweep Complete, Elapsed Time: 01:43:51
1:23 AM: Full Sweep has completed. Elapsed time 01:46:49
1:23 AM: Traces Found: 0

i think thats all of it........


Logfile of HijackThis v1.99.1
Scan saved at 6:46:32 AM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\1136953129\ee\AOLSoftware.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8.hpwis.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136953129\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflas...in/powerres.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137266969765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1137444175281
O20 - Winlogon Notify: axxt32 - axxt32.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • 0

#7
Wizard
Posted 17 January 2006 - 03:58 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Looks like that did the trick for the most part.

Lets see what else is in there.


Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply->Close->Follow the Prompts to Restart

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Post back with a fresh HijackThis log and the reports from WinPFind and Panda
  • 0

#8
Chromo
Posted 19 January 2006 - 09:13 AM

Chromo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
heres the winpfind scan, as for the panda scan, i started the scan but got the error message buffer overflow twice.




»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
PEC2 6/17/2005 7:24:10 PM 35030 C:\c.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 8/22/2004 4:04:56 PM 69120 C:\WINDOWS\daemon.dll
UPX! 12/26/2004 3:42:36 PM 24197 C:\WINDOWS\setfgi.dll
UPX! 12/17/2004 7:04:02 PM 24197 C:\WINDOWS\ssysprs.dll
aspack 5/13/2005 8:25:00 PM 196096 C:\WINDOWS\sys2419390.exe
aspack 5/9/2005 2:49:54 PM 196096 C:\WINDOWS\sys4848687.exe

Checking %System% folder...
SAHAgent 10/22/2005 9:06:58 AM 32 C:\WINDOWS\SYSTEM32\28ic7gv3.ini
SAHAgent 10/22/2005 9:06:58 AM 32 C:\WINDOWS\SYSTEM32\abasa5jrp.ini
SAHAgent 2/28/2003 8:26:36 AM 69027 C:\WINDOWS\SYSTEM32\clsid.log
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/29/2002 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 12/7/2005 9:05:52 AM 573952 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 12/7/2005 9:05:52 AM 573952 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 8/20/2004 3:56:24 PM 59914 C:\WINDOWS\SYSTEM32\igfxhcsy.lhp
PTech 8/29/2005 1:27:12 PM 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 1/4/2006 7:41:02 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/4/2006 7:41:02 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/3/2004 11:56:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 1/29/2003 1:10:06 AM 7168 C:\WINDOWS\SYSTEM32\ogg.dll
Umonitor 8/3/2004 11:56:44 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 3/11/2003 8:25:54 AM 313856 C:\WINDOWS\SYSTEM32\ThriXXX000089.dll
UPX! 3/11/2003 8:25:54 AM 18432 C:\WINDOWS\SYSTEM32\ThriXXX000089SOUNDDX3.dll
UPX! 3/11/2003 2:56:36 AM 23040 C:\WINDOWS\SYSTEM32\ThriXXX010104Z.dll
UPX! 3/11/2003 2:56:52 AM 51200 C:\WINDOWS\SYSTEM32\ThriXXX010205PNG.dll
UPX! 3/11/2003 2:56:24 AM 56832 C:\WINDOWS\SYSTEM32\ThriXXX015003JP2.dll
UPX! 1/29/2003 1:10:06 AM 46592 C:\WINDOWS\SYSTEM32\vorbis.dll
winsync 8/29/2002 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Umonitor 8/29/2002 4:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_005999_.tmp.dll

Checking %System%\Drivers folder and sub-folders...
UPX! 1/16/2006 9:21:52 AM 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 1/16/2006 9:21:52 AM 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 1/16/2006 9:21:52 AM 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 1/16/2006 9:21:52 AM 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech 8/3/2004 9:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/18/2006 7:48:00 PM S 2048 C:\WINDOWS\bootstat.dat
1/15/2006 8:43:54 PM RH 15 C:\WINDOWS\error89$.sys
12/7/2005 7:20:50 AM H 24 C:\WINDOWS\pzJ2l
1/17/2006 8:52:04 PM H 54156 C:\WINDOWS\QTFont.qfn
1/16/2006 1:01:00 PM H 25200 C:\WINDOWS\Help\mplayer2.GID
1/16/2006 12:15:46 PM H 0 C:\WINDOWS\inf\oem27.inf
12/31/2005 9:14:52 PM H 0 C:\WINDOWS\inf\oem40.inf
1/16/2006 8:17:00 PM RHS 286777 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_12.cab
11/30/2005 8:17:10 PM S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 4:12:48 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/2/2006 3:09:36 PM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
1/18/2006 7:47:48 PM H 8192 C:\WINDOWS\system32\config\default.LOG
1/18/2006 7:48:24 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
1/18/2006 7:48:02 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
1/18/2006 7:49:46 PM H 73728 C:\WINDOWS\system32\config\software.LOG
1/18/2006 7:48:10 PM H 937984 C:\WINDOWS\system32\config\system.LOG
1/16/2006 1:37:38 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
1/16/2006 3:01:58 PM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
1/16/2006 3:01:58 PM S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
12/31/2005 6:33:46 PM RHS 4256 C:\WINDOWS\system32\drivers\HP_DF216A-ABA S4300NX NA210_YW_Pres_QMXK320_E33NAheRED4 _4_I P4SD-LA _SASUSTeK Computer INC._VRev 1.xx_B3.06_T030508_WXH1_L409_M504_J120_7Intel_8Pentium 4_92.4_1104C8023_N10EC8139_P_Z11C1044E_K_A808624D5_U808624D2_G80862572.MRK
12/31/2005 9:08:08 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\6cb53062-9bbb-4b16-9fbf-e0e483c2b59a
12/31/2005 9:08:08 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
12/31/2005 6:09:00 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\014a6e47-9d20-4981-a436-7237dbb5a307
12/31/2005 6:09:00 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\0d6c9397-ca47-4ad4-a0ce-b967c2bf5ddd
12/31/2005 6:09:00 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\36b0b96f-7542-48b1-9fe6-96fcf5b45637
12/31/2005 6:09:00 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\4694f395-49c1-4004-95b8-af71ae978473
12/31/2005 6:09:00 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\4954a6f4-9fb4-4224-a93b-5f88679a3bf6
12/31/2005 6:09:00 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\73e42a94-41ab-4541-a377-03313a0225be
12/31/2005 6:09:00 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\7c4da840-f2b1-4e94-9b4a-af56ef53bc40
12/31/2005 6:09:02 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\bd8c80e2-2d09-4907-be61-8dabd81203e0
12/31/2005 6:09:02 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\c21df015-7f20-40c8-bfa0-753016175c03
12/31/2005 6:09:02 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\cc8b3ad8-85c3-451e-a555-e6127dad815c
12/31/2005 6:09:02 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
1/18/2006 7:46:46 PM H 6 C:\WINDOWS\Tasks\SA.DAT
12/31/2005 6:25:24 PM HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
12/31/2005 6:25:24 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
12/31/2005 6:25:24 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0J7SYKRI\desktop.ini
12/31/2005 6:25:24 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\6DQDGVSJ\desktop.ini
12/31/2005 6:25:24 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GK7RU2CK\desktop.ini
12/31/2005 6:25:24 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\XGTT0CCZ\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/3/2004 11:56:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
11/11/1999 8:11:00 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 8/20/2004 3:53:06 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/24/2005 7:30:52 PM 14336 C:\WINDOWS\SYSTEM32\infocardcpl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Realtek Semiconductor Corp. 2/17/2004 5:49:14 AM 14193152 C:\WINDOWS\SYSTEM32\DRVSTORE\Alcxwdm_cfb7d3fc0ab7f7a3133a6c25509eaf3479108975\ALSNDMGR.CPL
Intel Corporation 3/11/2003 4:18:48 PM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\igfxcpl.cpl
Realtek Semiconductor Corp. 3/11/2003 4:21:40 PM 3554304 C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\ALSNDMGR.CPL
Realtek Semiconductor Corp. 3/11/2003 4:21:40 PM 3554304 C:\WINDOWS\SYSTEM32\ReinstallBackups\0010\DriverFiles\ALSNDMGR.CPL
Realtek Semiconductor Corp. 3/11/2003 4:21:40 PM 3554304 C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\ALSNDMGR.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
4/10/2003 1:49:46 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
4/9/2003 6:41:42 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
12/23/2005 12:42:16 PM 1359 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
4/10/2003 1:49:46 AM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
4/9/2003 6:41:42 PM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini
12/6/2005 9:32:04 PM 80 C:\Documents and Settings\Owner\Application Data\diggtray.data
12/31/2005 5:42:22 PM 1850843 C:\Documents and Settings\Owner\Application Data\Install.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Yahoo! Companion BHO = C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
PS2 C:\WINDOWS\system32\ps2.exe
AVG7_CC C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
CTRegRun C:\WINDOWS\CTRegRun.EXE
hpsysdrv c:\windows\system\hpsysdrv.exe
HostManager C:\Program Files\Common Files\AOL\1136953129\ee\AOLSoftware.exe
Error Nuker C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
AlcxMonitor ALCXMNTR.EXE
IgfxTray C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NVIEW rundll32.exe nview.dll,nViewLoadHook
Yahoo! Pager C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Aim6 "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\axxt32
= axxt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/18/2006 8:00:57 PM




and hijack this



Logfile of HijackThis v1.99.1
Scan saved at 7:12:33 AM, on 1/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\CTRegRun.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Creative\Product Registration\English\InetReg.exe
C:\Program Files\Common Files\AOL\1136953129\ee\AOLSoftware.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8.hpwis.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136953129\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflas...in/powerres.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137266969765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1137444175281
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: axxt32 - axxt32.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • 0

#9
Wizard
Posted 19 January 2006 - 03:43 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Download this program:

Submit Files Packer
http://www.safer-net...g/files/sfp.zip

Highlight the entries listed below in bold and right-click,then select Copy.


C:\c.exe
C:\WINDOWS\error89$.sys
C:\WINDOWS\pzJ2l
C:\WINDOWS\sys2419390.exe
C:\WINDOWS\sys4848687.exe
C:\WINDOWS\SYSTEM32\clsid.log
C:\WINDOWS\SYSTEM32\ThriXXX000089.dll
C:\WINDOWS\SYSTEM32\ThriXXX000089SOUNDDX3.dll
C:\WINDOWS\SYSTEM32\ThriXXX010104Z.dll
C:\WINDOWS\SYSTEM32\ThriXXX010205PNG.dll
C:\WINDOWS\SYSTEM32\ThriXXX015003JP2.dll
C:\WINDOWS\SYSTEM32\_005999_.tmp.dll
C:\Documents and Settings\Owner\Application Data\Install.dat


Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.

Then press the Continue button.

I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to yourmembername.cab (for example Monster.cab).

Then go to:
http://www.atribune....mit-malware.php
and fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.


You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts and wait for the tool to finish running.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
  • 0

#10
Chromo
Posted 19 January 2006 - 05:28 PM

Chromo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
i tried sending the .cab file but it said the file was above 5mb. but it says its only 2.51 mb on my com.
  • 0

Advertisements

#11
Wizard
Posted 20 January 2006 - 07:45 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
I got all the files,go ahead with the Apropos fix and please be sure that fix has finished before restarting.
  • 0

#12
Chromo
Posted 20 January 2006 - 06:39 PM

Chromo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\Owner\Desktop\aproposfix

************

Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!




Logfile of HijackThis v1.99.1
Scan saved at 4:39:34 PM, on 1/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\CTRegRun.EXE
C:\Program Files\Creative\Product Registration\English\InetReg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\1136953129\ee\AOLSoftware.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8.hpwis.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136953129\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflas...in/powerres.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137266969765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1137444175281
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: axxt32 - axxt32.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • 0

#13
Wizard
Posted 21 January 2006 - 07:08 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\c.exe
    C:\WINDOWS\error89$.sys
    C:\WINDOWS\pzJ2l
    C:\WINDOWS\sys2419390.exe
    C:\WINDOWS\sys4848687.exe
    C:\WINDOWS\SYSTEM32\clsid.log
    C:\WINDOWS\SYSTEM32\ThriXXX000089.dll
    C:\WINDOWS\SYSTEM32\ThriXXX000089SOUNDDX3.dll
    C:\WINDOWS\SYSTEM32\ThriXXX010104Z.dll
    C:\WINDOWS\SYSTEM32\ThriXXX010205PNG.dll
    C:\WINDOWS\SYSTEM32\ThriXXX015003JP2.dll
    C:\WINDOWS\SYSTEM32\_005999_.tmp.dll
    C:\Documents and Settings\Owner\Application Data\Install.dat

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Restart in Safe Mode-> Let me see a HijackThis Start Up log.

Open HijackThis and Click the "Open Misc Tools Section" tab.

Select Generate StartUpList log and make sure that both Boxes beside it are checked:

Put a check by:
List all minor sections(Full)
and
List Empty Sections(Complete)

It will produce a NotePad Page,I need you to copy the entire contents of that page to the next reply.
  • 0

#14
Chromo
Posted 21 January 2006 - 12:58 PM

Chromo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
StartupList report, 1/21/2006, 10:53:06 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
PS2 = C:\WINDOWS\system32\ps2.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
CTRegRun = C:\WINDOWS\CTRegRun.EXE
hpsysdrv = c:\windows\system\hpsysdrv.exe
HostManager = C:\Program Files\Common Files\AOL\1136953129\ee\AOLSoftware.exe
Error Nuker = C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
AlcxMonitor = ALCXMNTR.EXE
IgfxTray = C:\WINDOWS\system32\igfxtray.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NVIEW = rundll32.exe nview.dll,nViewLoadHook
Yahoo! Pager = C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Aim6 = "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Screamer Radio sleeptimer.job
Screamer Radio.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[FXPluginCtl Object]
InProcServer32 = C:\WINDOWS\System32\FXPlugin.dll
CODEBASE = http://www.powerflas...in/powerres.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.micros...b?1137266969765

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\muweb.dll
CODEBASE = http://update.micros...b?1137444175281

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Update interface wA6: \??\C:\WINDOWS\System32\avAw6.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
TCPIP Kernel32: \??\C:\WINDOWS\System32\axxt32.sys (autostart)
TCPIP Kernel: \??\C:\WINDOWS\System32\axxt64.sys (system)
Belkin 802.11 Network Adapter Driver: System32\DRIVERS\bcmwl5.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
MAC Bridge: System32\DRIVERS\bridge.sys (manual start)
MAC Bridge Miniport: System32\DRIVERS\bridge.sys (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Creative Service for CDROM Access: C:\WINDOWS\System32\CTSvcCDA.EXE (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
fasttx2k: System32\DRIVERS\fasttx2k.sys (system)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
InstallDriver Table Manager: C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Jukebox3: System32\DRIVERS\ctpdusb.sys (manual start)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
LT Modem Driver: System32\DRIVERS\ltmdmnt.sys (manual start)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NVIDIA nForce AGP Bus Filter: System32\DRIVERS\nv_agp.sys (system)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Texas Instruments OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
Pcdr Helper Driver: \??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
PfModNT: \??\C:\WINDOWS\System32\drivers\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
PS2: System32\DRIVERS\PS2.sys (manual start)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
S3Psddr: System32\DRIVERS\s3gnbm.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS315: System32\DRIVERS\sisgrp.sys (manual start)
SiS AGP Filter: System32\DRIVERS\SISAGPX.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
SSI: system32\Drivers\SSI.SYS (system)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Webroot Spy Sweeper Engine: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{E7A3D552-D1EE-4DFD-8C00-152351E065BE} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)
ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)
Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 33,660 bytes
Report generated in 0.266 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

#15
Wizard
Posted 22 January 2006 - 11:54 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
I need to see 2 files from your system'

Go Here

Upload these 2 files
C:\WINDOWS\System32\axxt32.sys

C:\WINDOWS\System32\axxt64.sys


Let me know when you get them uploaded.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP