Computer Hope
Microsoft => Microsoft Windows => Windows XP => Topic started by: TonyP on September 10, 2012, 10:53:43 AM
-
I updated and ran spybot and it reported that it couldn't remove all of the threats- Babylon tool bar was mentioned. It said to reboot and it would run during start-up.
However now I get the above message in a pop-up window. My PC won't reboot fully as it is not possible to delete the window carrying the above warning( c:\windows\system32\command.com the parameter is incorrect) .
Luckily I have an old laptop with modem software still installed and working which has enabled me to get on line and join the forum.
Any help would be extremely grateful.
I have already rebooted in safe mode and tried to restore to an earlier working version. But this failed and the same annoying pop-up occurred.
I have an old HP desk top PC running XP. Ram is 512 . CD drive works. It has windows service pack, AVAST Home edition, Malware Bytes (not updated) and superspy antispyware-updated earlier today.
-
I am going tp provide you with some web links that deal with your issue.The 1st one is from a member of the "spybot " team and appears on the spybot forum;
hello,
I think that md usa spybot fans did diagnose the symptoms of this issue correctly.
But there appears to be an issue with the command.com and/or the cmd.exe on the affected computers.
Let's try another approach to eliminate the symptoms of this issue:
boot the computer normally
when the first error messages about the command.com appear open the taskmanager with ctrl+alt+del and then choosing the taskmanager
terminate the explorer.exe
then choose file - new task
enter the path to Spybot S&D (default: c:\Program Files\Spybot - Search & Destroy\SpybotSD.exe) to start Spybot S&D
switch to advanced mode
navigate to tools - system startup
click the export button and save the startup report file to a location you can easily find later
remove all Spybotdelete entries from the startup list
within Spybot S&D (Processlist) terminate the remaining instances of command.com and cmd.exe (ntvdm.exe) and close the error message windows if they are still present ( you can mark multiple entries while holding the shift and/or ctrl key and terminate them together)
from the Taskmanager choose File - new task and enter explorer to restart the explorer
attach the startup report file you saved ealier to your next post
We will require the startup report file to diagnose the cause of this issue. We may also require a complete log file later.
__________________
born in the shadow to die in the shadow, that is the fate of the shinobi
Spybot S&D Downloads
Please help us improve Spybot and download our distributed testing client.
This 2nd one is from another tech support forum that deals specifically with this error (which seems to be emanating from the spybot software) and deals with the issue as it affects win xp.
http://forums.techguy.org/windows-xp/999197-solved-getting-error-c-windows.html
Please try these suggested solutions and post back as to your results. truenorth
-
Hi Truenorth, thanks for your time and help. Much appreciated. Here is the SB log file
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-11-04 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-04-04 Includes\Adware.sbi
2012-09-03 Includes\AdwareC.sbi
2010-08-13 Includes\Cookies.sbi
2010-12-14 Includes\Dialer.sbi
2011-11-29 Includes\DialerC.sbi
2012-01-31 Includes\HeavyDuty.sbi
2012-06-19 Includes\Hijackers.sbi
2012-07-31 Includes\HijackersC.sbi
2010-09-15 Includes\iPhone.sbi
2012-03-13 Includes\Keyloggers.sbi
2012-03-13 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2012-08-28 Includes\Malware.sbi
2012-09-04 Includes\MalwareC.sbi
2011-02-24 Includes\PUPS.sbi
2012-08-21 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2012-06-19 Includes\Security.sbi
2011-12-13 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2012-09-05 Includes\Spyware.sbi
2012-09-04 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi
2012-09-04 Includes\TrojansC-02.sbi
2012-08-30 Includes\TrojansC-03.sbi
2012-08-28 Includes\TrojansC-04.sbi
2012-08-31 Includes\TrojansC-05.sbi
2012-08-27 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB2572066)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB2604042)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB2656378)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB953295)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB979904)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB2656353)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB2656370)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB979906)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player: Security Update for Windows Media Player (KB2378111)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Security Update for Windows Media Player (KB954155)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player: Security Update for Windows Media Player (KB975558)
/ Windows Media Player: Security Update for Windows Media Player (KB978695)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2360131)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2416400)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2482017)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2497640)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2530548)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2544521)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2559049)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2586448)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2618444)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2647516)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2675157)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2699988)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2722913)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127-v2)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB982381)
/ Windows XP / SP10: Security Update for Microsoft Windows (KB2564958)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB2079403)
/ Windows XP / SP4: Security Update for Windows XP (KB2115168)
/ Windows XP / SP4: Security Update for Windows XP (KB2121546)
/ Windows XP / SP4: Update for Windows XP (KB2141007)
/ Windows XP / SP4: Hotfix for Windows XP (KB2158563)
/ Windows XP / SP4: Security Update for Windows XP (KB2229593)
/ Windows XP / SP4: Security Update for Windows XP (KB2259922)
/ Windows XP / SP4: Security Update for Windows XP (KB2279986)
/ Windows XP / SP4: Security Update for Windows XP (KB2286198)
/ Windows XP / SP4: Security Update for Windows XP (KB2296011)
/ Windows XP / SP4: Security Update for Windows XP (KB2296199)
/ Windows XP / SP4: Update for Windows XP (KB2345886)
/ Windows XP / SP4: Security Update for Windows XP (KB2347290)
/ Windows XP / SP4: Security Update for Windows XP (KB2360937)
/ Windows XP / SP4: Security Update for Windows XP (KB2387149)
/ Windows XP / SP4: Security Update for Windows XP (KB2393802)
/ Windows XP / SP4: Security Update for Windows XP (KB2412687)
/ Windows XP / SP4: Security Update for Windows XP (KB2419632)
/ Windows XP / SP4: Security Update for Windows XP (KB2423089)
/ Windows XP / SP4: Security Update for Windows XP (KB2436673)
/ Windows XP / SP4: Security Update for Windows XP (KB2440591)
/ Windows XP / SP4: Security Update for Windows XP (KB2443105)
/ Windows XP / SP4: Hotfix for Windows XP (KB2443685)
/ Windows XP / SP4: Update for Windows XP (KB2467659)
/ Windows XP / SP4: Security Update for Windows XP (KB2476490)
/ Windows XP / SP4: Security Update for Windows XP (KB2476687)
/ Windows XP / SP4: Security Update for Windows XP (KB2478960)
/ Windows XP / SP4: Security Update for Windows XP (KB2478971)
/ Windows XP / SP4: Security Update for Windows XP (KB2479628)
/ Windows XP / SP4: Security Update for Windows XP (KB2481109)
/ Windows XP / SP4: Security Update for Windows XP (KB2483185)
/ Windows XP / SP4: Security Update for Windows XP (KB2485376)
/ Windows XP / SP4: Security Update for Windows XP (KB2485663)
/ Windows XP / SP4: Security Update for Windows XP (KB2491683)
/ Windows XP / SP4: Security Update for Windows XP (KB2503658)
/ Windows XP / SP4: Security Update for Windows XP (KB2503665)
/ Windows XP / SP4: Security Update for Windows XP (KB2506212)
/ Windows XP / SP4: Security Update for Windows XP (KB2506223)
/ Windows XP / SP4: Security Update for Windows XP (KB2507618)
/ Windows XP / SP4: Security Update for Windows XP (KB2507938)
/ Windows XP / SP4: Security Update for Windows XP (KB2508272)
/ Windows XP / SP4: Security Update for Windows XP (KB2508429)
/ Windows XP / SP4: Security Update for Windows XP (KB2509553)
/ Windows XP / SP4: Security Update for Windows XP (KB2510581)
/ Windows XP / SP4: Security Update for Windows XP (KB2511455)
/ Windows XP / SP4: Security Update for Windows XP (KB2524375)
/ Windows XP / SP4: Security Update for Windows XP (KB2535512)
/ Windows XP / SP4: Security Update for Windows XP (KB2536276)
/ Windows XP / SP4: Security Update for Windows XP (KB2536276-v2)
/ Windows XP / SP4: Update for Windows XP (KB2541763)
/ Windows XP / SP4: Security Update for Windows XP (KB2544893)
/ Windows XP / SP4: Security Update for Windows XP (KB2544893-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB2555917)
/ Windows XP / SP4: Security Update for Windows XP (KB2562937)
/ Windows XP / SP4: Security Update for Windows XP (KB2566454)
/ Windows XP / SP4: Security Update for Windows XP (KB2567053)
/ Windows XP / SP4: Security Update for Windows XP (KB2567680)
/ Windows XP / SP4: Security Update for Windows XP (KB2570222)
/ Windows XP / SP4: Hotfix for Windows XP (KB2570791)
/ Windows XP / SP4: Security Update for Windows XP (KB2570947)
/ Windows XP / SP4: Microsoft .NET Framework 1.0 Hotfix (KB2572066)
/ Windows XP / SP4: Security Update for Windows XP (KB2584146)
/ Windows XP / SP4: Security Update for Windows XP (KB2585542)
/ Windows XP / SP4: Security Update for Windows XP (KB2592799)
/ Windows XP / SP4: Security Update for Windows XP (KB2598479)
/ Windows XP / SP4: Security Update for Windows XP (KB2603381)
/ Windows XP / SP4: Microsoft .NET Framework 1.0 Hotfix (KB2604042)
/ Windows XP / SP4: Update for Windows XP (KB2607712)
/ Windows XP / SP4: Update for Windows XP (KB2616676)
/ Windows XP / SP4: Security Update for Windows XP (KB2618451)
/ Windows XP / SP4: Security Update for Windows XP (KB2620712)
/ Windows XP / SP4: Security Update for Windows XP (KB2621440)
/ Windows XP / SP4: Security Update for Windows XP (KB2624667)
/ Windows XP / SP4: Security Update for Windows XP (KB2631813)
/ Windows XP / SP4: Security Update for Windows XP (KB2633171)
/ Windows XP / SP4: Hotfix for Windows XP (KB2633952)
/ Windows XP / SP4: Security Update for Windows XP (KB2639417)
/ Windows XP / SP4: Security Update for Windows XP (KB2641653)
/ Windows XP / SP4: Update for Windows XP (KB2641690)
/ Windows XP / SP4: Security Update for Windows XP (KB2646524)
/ Windows XP / SP4: Security Update for Windows XP (KB2647518)
/ Windows XP / SP4: Security Update for Windows XP (KB2653956)
/ Windows XP / SP4: Security Update for Windows XP (KB2655992)
/ Windows XP / SP4: Microsoft .NET Framework 1.0 Hotfix (KB2656378)
/ Windows XP / SP4: Security Update for Windows XP (KB2659262)
/ Windows XP / SP4: Security Update for Windows XP (KB2660465)
/ Windows XP / SP4: Security Update for Windows XP (KB2661637)
/ Windows XP / SP4: Security Update for Windows XP (KB2676562)
/ Windows XP / SP4: Security Update for Windows XP (KB2685939)
/ Windows XP / SP4: Security Update for Windows XP (KB2686509)
/ Windows XP / SP4: Security Update for Windows XP (KB2691442)
/ Windows XP / SP4: Security Update for Windows XP (KB2695962)
/ Windows XP / SP4: Security Update for Windows XP (KB2698365)
/ Windows XP / SP4: Security Update for Windows XP (KB2705219)
/ Windows XP / SP4: Security Update for Windows XP (KB2707511)
/ Windows XP / SP4: Security Update for Windows XP (KB2709162)
/ Windows XP / SP4: Security Update for Windows XP (KB2712808)
/ Windows XP / SP4: Security Update for Windows XP (KB2718523)
/ Windows XP / SP4: Update for Windows XP (KB2718704)
/ Windows XP / SP4: Security Update for Windows XP (KB2719985)
/ Windows XP / SP4: Security Update for Windows XP (KB2723135)
/ Windows XP / SP4: Security Update for Windows XP (KB2731847)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Hotfix for Windows XP (KB954708)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955759)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956744)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956844)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958869)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB960859)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB961503)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Update for Windows XP (KB968389)
/ Windows XP / SP4: Security Update for Windows XP (KB969059)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Security Update for Windows XP (KB970430)
/ Windows XP / SP4: Update for Windows XP (KB971029)
/ Windows XP / SP4: Security Update for Windows XP (KB971468)
/ Windows XP / SP4: Security Update for Windows XP (KB971657)
/ Windows XP / SP4: Update for Windows XP (KB971737)
/ Windows XP / SP4: Security Update for Windows XP (KB971961)
/ Windows XP / SP4: Security Update for Windows XP (KB972270)
/ Windows XP / SP4: Security Update for Windows XP (KB973507)
/ Windows XP / SP4: Update for Windows XP (KB973687)
/ Windows XP / SP4: Update for Windows XP (KB973815)
/ Windows XP / SP4: Security Update for Windows XP (KB973869)
/ Windows XP / SP4: Security Update for Windows XP (KB973904)
/ Windows XP / SP4: Security Update for Windows XP (KB974112)
/ Windows XP / SP4: Security Update for Windows XP (KB974318)
/ Windows XP / SP4: Security Update for Windows XP (KB974392)
/ Windows XP / SP4: Security Update for Windows XP (KB974571)
/ Windows XP / SP4: Security Update for Windows XP (KB975025)
/ Windows XP / SP4: Security Update for Windows XP (KB975467)
/ Windows XP / SP4: Security Update for Windows XP (KB975560)
/ Windows XP / SP4: Security Update for Windows XP (KB975561)
/ Windows XP / SP4: Security Update for Windows XP (KB975562)
/ Windows XP / SP4: Security Update for Windows XP (KB975713)
/ Windows XP / SP4: Hotfix for Windows XP (KB976002-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB977816)
/ Windows XP / SP4: Security Update for Windows XP (KB977914)
/ Windows XP / SP4: Security Update for Windows XP (KB978037)
/ Windows XP / SP4: Security Update for Windows XP (KB978338)
/ Windows XP / SP4: Security Update for Windows XP (KB978542)
/ Windows XP / SP4: Security Update for Windows XP (KB978601)
/ Windows XP / SP4: Security Update for Windows XP (KB978706)
/ Windows XP / SP4: Security Update for Windows XP (KB979309)
/ Windows XP / SP4: Security Update for Windows XP (KB979482)
/ Windows XP / SP4: Security Update for Windows XP (KB979559)
/ Windows XP / SP4: Security Update for Windows XP (KB979683)
/ Windows XP / SP4: Security Update for Windows XP (KB979687)
/ Windows XP / SP4: Security Update for Windows XP (KB980195)
/ Windows XP / SP4: Security Update for Windows XP (KB980218)
/ Windows XP / SP4: Security Update for Windows XP (KB980232)
/ Windows XP / SP4: Security Update for Windows XP (KB980436)
/ Windows XP / SP4: Security Update for Windows XP (KB981322)
/ Windows XP / SP4: Security Update for Windows XP (KB981349)
/ Windows XP / SP4: Hotfix for Windows XP (KB981793)
/ Windows XP / SP4: Security Update for Windows XP (KB981852)
/ Windows XP / SP4: Security Update for Windows XP (KB981957)
/ Windows XP / SP4: Security Update for Windows XP (KB981997)
/ Windows XP / SP4: Security Update for Windows XP (KB982132)
/ Windows XP / SP4: Security Update for Windows XP (KB982214)
/ Windows XP / SP4: Security Update for Windows XP (KB982381)
/ Windows XP / SP4: Security Update for Windows XP (KB982665)
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 919008
MD5: B63E5C7807334A3A8F731062F15462CC
Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8B4CBBA1EA526830C7F97E7822E2493A
Located: HK_LM:Run, AlwaysReady Power Message APP
command: ARPWRMSG.EXE
file: C:\WINDOWS\ARPWRMSG.EXE
size: 77312
MD5: B596347A26DC054EBB44EB3BC8E95B0A
Located: HK_LM:Run, APSDaemon
command: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
file: C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
size: 59240
MD5: F7DD2D785280DB73DC9060F80361BEFB
Located: HK_LM:Run, ATICCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
file: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
size: 61440
MD5: 242ABD06C109A1871FFA76C1C0DCA136
Located: HK_LM:Run, AVG_TRAY
command: "C:\Program Files\AVG\AVG2012\avgtray.exe"
file: C:\Program Files\AVG\AVG2012\avgtray.exe
size: 2587008
MD5: 80956486306D1F546EDC1DD7FAE87F62
Located: HK_LM:Run, DATAMNGR
command: C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
file: C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
size: 1694608
MD5: D8B3EB0A5B5FDBC1609E4E2B66CE3F93
Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 7A21E06385E748E9CB0252F1BBC493F1
Located: HK_LM:Run, Freecorder FLV Service
command: "C:\Program Files\Freecorder\FLVSrvc.exe" /run
file: C:\Program Files\Freecorder\FLVSrvc.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 30040
MD5: 0E34B7BB1FCF22BCC1E394D16F9E992B
Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49208
MD5: FDD4F5F7C4BAD248AB16233A1639C078
Located: HK_LM:Run, HPHUPD08
command: c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
file: c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
size: 49152
MD5: 4F113169A2DE985D043A5530987AD6D0
Located: HK_LM:Run, hpsysdrv
command: c:\windows\system\hpsysdrv.exe
file: c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06A1ECB63DF139EC639E084D4AB3C9D7
Located: HK_LM:Run, KBD
command: C:\HP\KBD\KBD.EXE
file: C:\HP\KBD\KBD.EXE
size: 61440
MD5: C81BE1B951C36E97D3DA90DA745DA5F7
Located: HK_LM:Run, PS2
command: C:\WINDOWS\system32\ps2.exe
file: C:\WINDOWS\system32\ps2.exe
size: 90112
MD5: FF8CCC86C4E42F59B189BD28D362B599
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 421888
MD5: 0AEE5668EB59912F32FF245BFA72465F
Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 233472
MD5: 310F1E8A0781887BA1C217448C0E4D48
Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 14820864
MD5: 0AF9324D43DF9DF59BB2B0F08223A26C
Located: HK_LM:Run, ServeZip
command: "C:\Program Files\ServeZip\ServeZip.exe" -StartUp
file: C:\Program Files\ServeZip\ServeZip.exe
size: 1731824
MD5: C89AEE9F158C3F04342538A3C163BC49
Located: HK_LM:Run, SpeedTouch USB Diagnostics
command: "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
file: C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
size: 866816
MD5: D40191AA225638AB20E59524CDD74030
Located: HK_LM:Run, TkBellExe
command: "c:\program files\real\realplayer\update\realsched.exe" -osboot
file: c:\program files\real\realplayer\update\realsched.exe
size: 296096
MD5: A73731A0B0A165907799E9AFB461F856
Located: HK_LM:Run, vProt
command: "C:\Program Files\AVG Secure Search\vprot.exe"
file: C:\Program Files\AVG Secure Search\vprot.exe
size: 1107552
MD5: 1AF481FD411221752AA10DAC1A01E5A3
Located: HK_LM:RunOnce, AvgUninstallURL
command: cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjE0MTI0ODg5LVhPMTArMi1RSVgxKzQtWDIwMTArMi1MSUMrMjItRkwxMCsxLVNQMSsxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCszODkyNi1ERDEwRisxLVNUMTBGQVBQKzE"&"prod=90"&"ver=10.0.1410
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, GrpConv
command: grpconv -o
file: grpconv -o
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA0
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\lines.gif"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\lines.gif"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA1550
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\playBtn.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\playBtn.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA1746
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\se.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\se.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA2349
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\pauseBtn.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\pauseBtn.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA400
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\chooseStation.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\chooseStation.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA4051
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\sv.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\sv.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA4399
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\bg.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\bg.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA5647
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\sa.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\sa.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA5661
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\tr.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\tr.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA6634
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\ua.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\ua.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA7610
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\rd_strp.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\rd_strp.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA9277
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\ru.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\ru.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingC1216
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\chooseStation.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC1525
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\ru.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC1732
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\se.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC2142
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\ua.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC2166
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\sv.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC3693
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\pauseBtn.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC463
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\sa.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC4721
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\playBtn.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC6090
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\lines.gif"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC6763
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\rd_strp.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC8600
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\us.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC8912
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\tr.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC919
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\ro.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC9858
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\bg.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, DAEMON Tools
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
file: C:\Program Files\DAEMON Tools\daemon.exe
size: 167368
MD5: 7FE662041CE93F79DD20BD57BE151B3E
Located: HK_CU:Run, msnmsgr
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3872080
MD5: CCEAA8D97341E1335AFC353C03456288
Located: HK_CU:Run, NBJ
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
file: C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
size: 1871872
MD5: 829A54E0D5B6F619B784D727454D692B
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: HK_CU:RunOnce, SpybotDeletingB1056
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\fr.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\fr.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB1437
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\chooseStation.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\chooseStation.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB1692
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\jp.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\jp.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB191
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\no.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\no.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2251
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\logo.gif"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\logo.gif"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2341
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\radio.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\radio.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2397
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\icon_seperator.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\icon_seperator.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2526
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\cn.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\cn.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2584
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\it.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\it.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2589
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\chrome.manifest"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\chrome.manifest"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2607
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\logo.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\logo.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2612
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\translate.PNG"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\translate.PNG"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2814
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\toolbar_icons_games.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\toolbar_icons_games.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2964
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\install.rdf"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\install.rdf"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3014
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\rd_strp.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\rd_strp.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3286
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\home.gif"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\home.gif"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3441
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\bbyln.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\bbyln.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3447
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\ua.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\ua.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3504
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\es.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\es.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3505
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\specialoffer.gif"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\specialoffer.gif"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3559
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\bg.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\bg.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3665
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\cz.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\cz.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3786
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\babylon.css"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\babylon.css"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3960
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\babylon.xul"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\babylon.xul"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB4050
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\ro.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\ro.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB4512
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\arwDwn.gif"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\arwDwn.gif"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB4826
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\lines.gif"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\mnRadio\lines.gif"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB5336
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\tellafriend.gif"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\tellafriend.gif"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB5569
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\toolbarIcons_casino.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\toolbarIcons_casino.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB5787
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\ch.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\flgs\ch.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB5820
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\[email protected]\content\imgs\claro.png"
file: command.com /c del "C:\Documents and Settings\HP_A
-
For some considerable time it has been a CH policy if not a rule that advice on the removal of malware should only be
given by Authorized Malware Removal Specialists who cruise the Computer Viruses and Spyware
forum. Log files should only be posted on that forum when requested by a Malware Removal
Specialist.
Please go here (http://www.computerhope.com/forum/index.php/topic,46313.0.html) and follow the advice given.
Good luck & welcome to the CH forums.
-
Dusty has given you the correct appropriate advice. Retain that log and undoubtedly it will be needed there.truenorth