
Help!!!-keylogger,invader

Discussion in 'Virus & Other Malware Removal' started by Elsy, Jan 30, 2007.

Thread Status:
Not open for further replies.
  1. Elsy

    Elsy Thread Starter

    Joined:
    Dec 8, 2006
    Messages:
    107
    HIJACK THIS REPORT

    Logfile of HijackThis v1.99.1
    Scan saved at 22:36:22, on 07.01.30
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Documents and Settings\Administrator\My Documents\My eBooks\works\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oops.mn/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [dll] c:\system32\rose.exe
    O4 - HKLM\..\Run: [ISS_SIP] C:\Program Files\Anti Keylogger Elite\AKE.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Q-Type Pro.lnk = C:\Program Files\Q-Type Pro\MagicKey.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169621498343
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: svchosts (srvTaskManager) - Unknown owner - C:\WINDOWS\system32\TaskManager.exe
     
  2. Elsy

    Elsy Thread Starter

    Joined:
    Dec 8, 2006
    Messages:
    107
    SmitFraudFix v2.137

    Scan done at 22:32:39,70, 07.01.30
    Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  3. Elsy

    Elsy Thread Starter

    Joined:
    Dec 8, 2006
    Messages:
    107
    This one is AVG Antivirus RESULT.

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 0:19:02 07.01.31

    + Scan result:



    :mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end
     
  4. Elsy

    Elsy Thread Starter

    Joined:
    Dec 8, 2006
    Messages:
    107
    Can anyone help me?????????? PLEASE :(
     
  5. Elsy

    Elsy Thread Starter

    Joined:
    Dec 8, 2006
    Messages:
    107
    I'm very afraid. My PC is slowing down.
    And IE is not working. Keylogger and invader are detected on Kaspersky.
    But it can't terminate it. I'll put Panda scanning result tomorrow.
     
  6. Elsy

    Elsy Thread Starter

    Joined:
    Dec 8, 2006
    Messages:
    107
  7. Elsy

    Elsy Thread Starter

    Joined:
    Dec 8, 2006
    Messages:
    107
    Proactive Defense
    -----------------
    Events checked: 98
    Blocked: 16
    Macros checked: 0
    Start time: 07.01.31 0:27:44
    Duration: 01:58:28


    Detected
    --------
    Status Object
    ------ ------
    detected: riskware Invader Running process: C:\WINDOWS\system32\services.exe
    detected: riskware Invader Running process: C:\WINDOWS\System32\svchost.exe
    detected: riskware Invader Running process: C:\WINDOWS\Explorer.EXE
    detected: riskware Invader Running process: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    detected: riskware Invader Running process: C:\Program Files\Spyware Doctor\sdhelp.exe
    detected: riskware Invader Running process: C:\Program Files\Spyware Doctor\swdoctor.exe
    detected: riskware Invader Running process: C:\Program Files\Q-Type Pro\MagicKey.exe
    detected: riskware Invader Running process: C:\WINDOWS\system32\winlogon.exe
    detected: riskware Invader Running process: C:\WINDOWS\explorer.exe
    detected: riskware Invader Running process: C:\Program Files\Mozilla Firefox\firefox.exe
    detected: riskware Invader Running process: C:\Program Files\Internet Explorer\iexplore.exe
    detected: riskware Invader Running process: C:\WINDOWS\system32\rundll32.exe
    detected: riskware Invader Running process: C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
     
  8. Elsy

    Elsy Thread Starter

    Joined:
    Dec 8, 2006
    Messages:
    107
    Events
    ------
    Time Name Event
    ---- ---- -----
    07.01.31 0:32:52 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 2672). This behaviour is typical of some malware.
    07.01.31 0:32:52 C:\WINDOWS\system32\services.exe Action allowed.
    07.01.31 0:32:54 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 2672). This behaviour is typical of some malware.
    07.01.31 0:32:54 C:\WINDOWS\system32\services.exe Action allowed.
    07.01.31 0:32:54 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 2672). This behaviour is typical of some malware.
    07.01.31 0:32:54 C:\WINDOWS\system32\services.exe Action allowed.
    07.01.31 0:32:54 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wuauclt.exe (PID: 3136). This behaviour is typical of some malware.
    07.01.31 0:32:54 C:\WINDOWS\System32\svchost.exe Action allowed.
    07.01.31 0:32:54 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wuauclt.exe (PID: 3136). This behaviour is typical of some malware.
    07.01.31 0:32:54 C:\WINDOWS\System32\svchost.exe Action allowed.
    07.01.31 0:32:54 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wuauclt.exe (PID: 3136). This behaviour is typical of some malware.
    07.01.31 0:32:54 C:\WINDOWS\System32\svchost.exe Action allowed.
    07.01.31 0:32:54 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 3172). This behaviour is typical of some malware.
    07.01.31 0:32:54 C:\WINDOWS\Explorer.EXE Action allowed.
    07.01.31 0:32:54 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 3172). This behaviour is typical of some malware.
    07.01.31 0:32:54 C:\WINDOWS\Explorer.EXE Action allowed.
    07.01.31 0:32:54 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 3172). This behaviour is typical of some malware.
    07.01.31 0:32:54 C:\WINDOWS\Explorer.EXE Action allowed.
    07.01.31 0:32:54 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Process C:\Program Files\Common Files\Real\Update_OB\realsched.exe (PID: 1664) is attempting to invade process C:\Program Files\Real\RealPlayer\realplay.exe (PID: 3372). This behaviour is typical of some malware.
    07.01.31 0:32:54 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Action allowed.
    07.01.31 0:32:54 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Process C:\Program Files\Common Files\Real\Update_OB\realsched.exe (PID: 1664) is attempting to invade process C:\Program Files\Real\RealPlayer\realplay.exe (PID: 3372). This behaviour is typical of some malware.
    07.01.31 0:32:54 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Action allowed.
    07.01.31 0:32:54 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Process C:\Program Files\Common Files\Real\Update_OB\realsched.exe (PID: 1664) is attempting to invade process C:\Program Files\Real\RealPlayer\realplay.exe (PID: 3372). This behaviour is typical of some malware.
    07.01.31 0:32:54 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Action allowed.
    07.01.31 0:32:56 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Process C:\Program Files\Common Files\Real\Update_OB\realsched.exe (PID: 1664) is attempting to invade process C:\Program Files\Real\RealPlayer\realplay.exe (PID: 3496). This behaviour is typical of some malware.
    07.01.31 0:32:56 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Action allowed.
    07.01.31 0:32:56 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Process C:\Program Files\Common Files\Real\Update_OB\realsched.exe (PID: 1664) is attempting to invade process C:\Program Files\Real\RealPlayer\realplay.exe (PID: 3496). This behaviour is typical of some malware.
    07.01.31 0:32:56 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Action allowed.
    07.01.31 0:32:56 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Process C:\Program Files\Common Files\Real\Update_OB\realsched.exe (PID: 1664) is attempting to invade process C:\Program Files\Real\RealPlayer\realplay.exe (PID: 3496). This behaviour is typical of some malware.
    07.01.31 0:32:56 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Action allowed.
    07.01.31 0:33:01 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wscntfy.exe (PID: 3588). This behaviour is typical of some malware.
    07.01.31 0:33:01 C:\WINDOWS\System32\svchost.exe Action allowed.
    07.01.31 0:33:01 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wscntfy.exe (PID: 3588). This behaviour is typical of some malware.
    07.01.31 0:33:01 C:\WINDOWS\System32\svchost.exe Action allowed.
    07.01.31 0:33:01 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wscntfy.exe (PID: 3588). This behaviour is typical of some malware.
    07.01.31 0:33:01 C:\WINDOWS\System32\svchost.exe Action allowed.
    07.01.31 0:34:38 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wuauclt.exe (PID: 2232). This behaviour is typical of some malware.
    07.01.31 0:34:38 C:\WINDOWS\System32\svchost.exe Action allowed.
    07.01.31 0:34:40 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wuauclt.exe (PID: 2232). This behaviour is typical of some malware.
    07.01.31 0:34:40 C:\WINDOWS\System32\svchost.exe Action allowed.
    07.01.31 0:34:42 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wuauclt.exe (PID: 2232). This behaviour is typical of some malware.
    07.01.31 0:34:42 C:\WINDOWS\System32\svchost.exe Action allowed.
    07.01.31 0:39:22 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 220). This behaviour is typical of some malware.
    07.01.31 0:39:22 C:\WINDOWS\Explorer.EXE Action allowed.
    07.01.31 0:40:10 C:\Program Files\Spyware Doctor\sdhelp.exe Process C:\Program Files\Spyware Doctor\sdhelp.exe (PID: 416) is attempting to invade process \SystemRoot\System32\smss.exe (PID: 496). This behaviour is typical of some malware.
    07.01.31 0:40:10 C:\Program Files\Spyware Doctor\sdhelp.exe Action allowed.
    07.01.31 0:40:40 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 220). This behaviour is typical of some malware.
    07.01.31 0:40:40 C:\WINDOWS\Explorer.EXE Action allowed.
    07.01.31 0:40:44 C:\Program Files\Spyware Doctor\sdhelp.exe Process C:\Program Files\Spyware Doctor\sdhelp.exe (PID: 416) is attempting to invade process \SystemRoot\System32\smss.exe (PID: 496). This behaviour is typical of some malware.
    07.01.31 0:40:44 C:\Program Files\Spyware Doctor\sdhelp.exe Action allowed.
    07.01.31 0:40:46 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 220). This behaviour is typical of some malware.
    07.01.31 0:40:46 C:\WINDOWS\Explorer.EXE Action allowed.
    07.01.31 0:40:49 C:\Program Files\Spyware Doctor\sdhelp.exe Process C:\Program Files\Spyware Doctor\sdhelp.exe (PID: 416) is attempting to invade process \\?\C:\WINDOWS\system32\csrss.exe (PID: 564). This behaviour is typical of some malware.
    07.01.31 0:40:49 C:\Program Files\Spyware Doctor\sdhelp.exe Action allowed.
    07.01.31 0:40:54 C:\Program Files\Spyware Doctor\sdhelp.exe Process C:\Program Files\Spyware Doctor\sdhelp.exe (PID: 416) is attempting to invade process \\?\C:\WINDOWS\system32\csrss.exe (PID: 564). This behaviour is typical of some malware.
    07.01.31 0:40:54 C:\Program Files\Spyware Doctor\sdhelp.exe Action allowed.
    07.01.31 0:40:58 C:\Program Files\Spyware Doctor\sdhelp.exe Process C:\Program Files\Spyware Doctor\sdhelp.exe (PID: 416) is attempting to invade process \\?\C:\WINDOWS\system32\winlogon.exe (PID: 588). This behaviour is typical of some malware.
    07.01.31 0:40:58 C:\Program Files\Spyware Doctor\sdhelp.exe Action allowed.
    07.01.31 0:41:01 C:\Program Files\Spyware Doctor\sdhelp.exe Process C:\Program Files\Spyware Doctor\sdhelp.exe (PID: 416) is attempting to invade process \\?\C:\WINDOWS\system32\winlogon.exe (PID: 588). This behaviour is typical of some malware.
    07.01.31 0:41:01 C:\Program Files\Spyware Doctor\sdhelp.exe Action allowed.
    07.01.31 0:41:02 C:\Program Files\Spyware Doctor\sdhelp.exe Process C:\Program Files\Spyware Doctor\sdhelp.exe (PID: 416) is attempting to invade process C:\WINDOWS\system32\services.exe (PID: 632). This behaviour is typical of some malware.
    07.01.31 0:41:02 C:\Program Files\Spyware Doctor\sdhelp.exe Attempt to terminate process
    07.01.31 0:41:05 C:\Program Files\Spyware Doctor\sdhelp.exe Attempt to terminate process: successfully
    07.01.31 0:41:06 C:\Program Files\Spyware Doctor\swdoctor.exe Process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 1952) is attempting to invade process \SystemRoot\System32\smss.exe (PID: 496). This behaviour is typical of some malware.
    07.01.31 0:41:06 C:\Program Files\Spyware Doctor\swdoctor.exe Attempt to terminate process
    07.01.31 0:41:09 C:\Program Files\Spyware Doctor\swdoctor.exe Attempt to terminate process: successfully
    07.01.31 0:41:15 C:\Program Files\Q-Type Pro\MagicKey.exe Process C:\Program Files\Q-Type Pro\MagicKey.exe (PID: 2244) is attempting to invade process C:\Program Files\Q-Type Pro\DisableMs.exe (PID: 4072). This behaviour is typical of some malware.
    07.01.31 0:41:15 C:\Program Files\Q-Type Pro\MagicKey.exe Action allowed.
    07.01.31 0:41:21 C:\Program Files\Q-Type Pro\MagicKey.exe Process C:\Program Files\Q-Type Pro\MagicKey.exe (PID: 2244) is attempting to invade process C:\Program Files\Q-Type Pro\DisableMs.exe (PID: 4072). This behaviour is typical of some malware.
    07.01.31 0:41:21 C:\Program Files\Q-Type Pro\MagicKey.exe Action allowed.
    07.01.31 0:41:23 C:\Program Files\Q-Type Pro\MagicKey.exe Process C:\Program Files\Q-Type Pro\MagicKey.exe (PID: 2244) is attempting to invade process C:\Program Files\Q-Type Pro\DisableMs.exe (PID: 4072). This behaviour is typical of some malware.
    07.01.31 0:41:23 C:\Program Files\Q-Type Pro\MagicKey.exe Action allowed.
    07.01.31 0:42:29 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 260). This behaviour is typical of some malware.
    07.01.31 0:42:29 C:\WINDOWS\Explorer.EXE Action allowed.
    07.01.31 0:42:33 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 260). This behaviour is typical of some malware.
    07.01.31 0:42:33 C:\WINDOWS\Explorer.EXE Attempt to terminate process
    07.01.31 0:42:41 C:\WINDOWS\Explorer.EXE Attempt to terminate process: successfully
    07.01.31 0:42:41 C:\WINDOWS\system32\notepad.exe Attempt to terminate process: successfully
    07.01.31 0:42:41 C:\Program Files\Mozilla Firefox\firefox.exe Attempt to terminate process: successfully
    07.01.31 0:42:41 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe Attempt to terminate process: successfully
    07.01.31 0:42:41 C:\WINDOWS\system32\ctfmon.exe Attempt to terminate process: successfully
    07.01.31 0:42:41 C:\Program Files\Messenger\msmsgs.exe Attempt to terminate process: successfully
    07.01.31 0:42:41 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe Attempt to terminate process: successfully
    07.01.31 0:42:42 C:\Program Files\Anti Keylogger Elite\AKE.exe Attempt to terminate process: access denied or object not found
    07.01.31 0:42:43 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe Attempt to terminate process: successfully
    07.01.31 0:42:43 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Attempt to terminate process: successfully
    07.01.31 0:42:43 C:\Program Files\Logitech\Video\LogiTray.exe Attempt to terminate process: successfully
    07.01.31 0:42:43 C:\WINDOWS\system32\LVCOMSX.EXE Attempt to terminate process: successfully
    07.01.31 0:42:43 C:\WINDOWS\system32\rmctrl.exe Attempt to terminate process: successfully
    07.01.31 0:42:44 C:\WINDOWS\SOUNDMAN.EXE Attempt to terminate process: successfully
    07.01.31 0:42:44 C:\WINDOWS\system32\hkcmd.exe Attempt to terminate process: successfully
    07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Process C:\WINDOWS\system32\winlogon.exe (PID: 588) is attempting to invade process C:\WINDOWS\explorer.exe (PID: 624). This behaviour is typical of some malware.
    07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Action allowed.
    07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Process C:\WINDOWS\system32\winlogon.exe (PID: 588) is attempting to invade process
     
  9. Elsy

    Elsy Thread Starter

    Joined:
    Dec 8, 2006
    Messages:
    107
    C:\WINDOWS\explorer.exe (PID: 624). This behaviour is typical of some malware.
    07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Action allowed.
    07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Process C:\WINDOWS\system32\winlogon.exe (PID: 588) is attempting to invade process C:\WINDOWS\explorer.exe (PID: 624). This behaviour is typical of some malware.
    07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Action allowed.
    07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 3272). This behaviour is typical of some malware.
    07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Action allowed.
    07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 3272). This behaviour is typical of some malware.
    07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Action allowed.
    07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 3272). This behaviour is typical of some malware.
    07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Action allowed.
    07.01.31 0:44:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220). This behaviour is typical of some malware.
    07.01.31 0:44:03 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 0:44:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220). This behaviour is typical of some malware.
    07.01.31 0:44:03 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 0:44:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220). This behaviour is typical of some malware.
    07.01.31 0:44:03 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3720). This behaviour is typical of some malware.
    07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 3708). This behaviour is typical of some malware.
    07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3720). This behaviour is typical of some malware.
    07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 3708). This behaviour is typical of some malware.
    07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3720). This behaviour is typical of some malware.
    07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 3708). This behaviour is typical of some malware.
    07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 0:45:29 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe Process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3720) is attempting to invade process C:\WINDOWS\system32\ctfmon.exe (PID: 2972). This behaviour is typical of some malware.
    07.01.31 0:45:29 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe Action allowed (by exclusions).
    07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220) is attempting to invade process C:\WINDOWS\system32\mspaint.exe (PID: 2584). This behaviour is typical of some malware.
    07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Action allowed.
    07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220) is attempting to invade process C:\WINDOWS\system32\mspaint.exe (PID: 2584). This behaviour is typical of some malware.
    07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Action allowed.
    07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220) is attempting to invade process C:\WINDOWS\system32\mspaint.exe (PID: 2584). This behaviour is typical of some malware.
    07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Action allowed.
    07.01.31 1:15:47 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648). This behaviour is typical of some malware.
    07.01.31 1:15:47 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:15:47 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648). This behaviour is typical of some malware.
    07.01.31 1:15:47 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:15:47 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648). This behaviour is typical of some malware.
    07.01.31 1:15:47 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:16:09 C:\Program Files\Internet Explorer\iexplore.exe Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648) is attempting to invade process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 2864). This behaviour is typical of some malware.
    07.01.31 1:16:09 C:\Program Files\Internet Explorer\iexplore.exe Action allowed.
    07.01.31 1:16:09 C:\Program Files\Internet Explorer\iexplore.exe Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648) is attempting to invade process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 2864). This behaviour is typical of some malware.
    07.01.31 1:16:09 C:\Program Files\Internet Explorer\iexplore.exe Action allowed.
    07.01.31 1:16:10 C:\Program Files\Internet Explorer\iexplore.exe Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648) is attempting to invade process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 2864). This behaviour is typical of some malware.
    07.01.31 1:16:10 C:\Program Files\Internet Explorer\iexplore.exe Action allowed.
    07.01.31 1:17:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (PID: 4032). This behaviour is typical of some malware.
    07.01.31 1:17:03 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:17:04 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (PID: 4032). This behaviour is typical of some malware.
    07.01.31 1:17:04 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:17:04 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (PID: 4032). This behaviour is typical of some malware.
    07.01.31 1:17:04 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:18:24 C:\Program Files\Spyware Doctor\swdoctor.exe Process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 2864) is attempting to invade process \SystemRoot\System32\smss.exe (PID: 496). This behaviour is typical of some malware.
    07.01.31 1:18:24 C:\Program Files\Spyware Doctor\swdoctor.exe Attempt to terminate process
    07.01.31 1:18:31 C:\Program Files\Spyware Doctor\swdoctor.exe Attempt to terminate process: successfully
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startup Rollback
    07.01.31 1:18:33 C:\PROGRA~1\SPYWAR~1\igdbs.dat Rollback
    07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup Rollback
    07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Favorites Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop Rollback
    07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu Rollback
    07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop Rollback
    07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9d1742-184c-11db-bd91-806d6172696f}\BaseClass Rollback
    07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9d1743-184c-11db-bd91-806d6172696f}\BaseClass Rollback
    07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e76297ac-182c-11db-94b0-806d6172696f}\BaseClass Rollback
    07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c041139c-183c-11db-bd0f-00e04c771968}\BaseClass Rollback
    07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9d1741-184c-11db-bd91-806d6172696f}\BaseClass Rollback
    07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9d1740-184c-11db-bd91-806d6172696f}\BaseClass Rollback
    07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData Rollback
    07.01.31 1:18:33 C:\PROGRA~1\SPYWAR~1\common.ini Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537}\TypeLib Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537}\Version Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537}\ProgID Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.QuarantinedItemProxy\Clsid Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.QuarantinedItemProxy Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537}\LocalServer32 Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537} Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}\TypeLib Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}\Version Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}\ProgID Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.ScripterProxy\Clsid Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.ScripterProxy Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}\LocalServer32 Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9} Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954}\TypeLib Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954}\Version Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954}\ProgID Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.EBankProblem\Clsid Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.EBankProblem Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954}\LocalServer32 Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954} Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}\TypeLib Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}\Version Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}\ProgID Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.EMClient\Clsid Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.EMClient Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}\LocalServer32 Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49} Rollback
    07.01.31 1:18:33 C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 Rollback: not found
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Licenses\{0781F7A018B2EFAD7} Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Licenses\{I781F7A018B2EFAD7} Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData Rollback
    07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters\TrapPollTimeMilliSecs Rollback
    07.01.31 1:18:24 C:\Program Files\Spyware Doctor\swdoctor.exe Rollback completed with some errors
    07.01.31 1:50:02 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2572). This behaviour is typical of some malware.
    07.01.31 1:50:02 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:50:11 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2572). This behaviour is typical of some malware.
    07.01.31 1:50:11 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:50:18 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2572). This behaviour is typical of some malware.
    07.01.31 1:50:18 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:50:27 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 1768). This behaviour is typical of some malware.
    07.01.31 1:50:27 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:50:42 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\ssflwbox.scr (PID: 2124). This behaviour is typical of some malware.
    07.01.31 1:50:42 C:\WINDOWS\system32\rundll32.exe Action allowed.
    07.01.31 1:50:43 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 1768). This behaviour is typical of some malware.
    07.01.31 1:50:43 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:50:44 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\ssflwbox.scr (PID: 2124). This behaviour is typical of some malware.
    07.01.31 1:50:44 C:\WINDOWS\system32\rundll32.exe Action allowed.
    07.01.31 1:50:44 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 1768). This behaviour is typical of some malware.
    07.01.31 1:50:44 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:50:45 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\ssflwbox.scr (PID: 2124). This behaviour is typical of some malware.
    07.01.31 1:50:45 C:\WINDOWS\system32\rundll32.exe Action allowed.
    07.01.31 1:50:58 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\logon.scr (PID: 4052). This behaviour is typical of some malware.
    07.01.31 1:50:58 C:\WINDOWS\system32\rundll32.exe Action allowed.
    07.01.31 1:51:00 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\logon.scr (PID: 4052). This behaviour is typical of some malware.
    07.01.31 1:51:00 C:\WINDOWS\system32\rundll32.exe Action allowed.
    07.01.31 1:51:02 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\logon.scr (PID: 4052). This behaviour is typical of some malware.
    07.01.31 1:51:02 C:\WINDOWS\system32\rundll32.exe Action allowed.
    07.01.31 1:52:05 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240). This behaviour is typical of some malware.
    07.01.31 1:52:05 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:52:11 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240). This behaviour is typical of some malware.
    07.01.31 1:52:11 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:52:11 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240). This behaviour is typical of some malware.
    07.01.31 1:52:11 C:\WINDOWS\explorer.exe Action allowed.
    07.01.31 1:52:16 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2812). This behaviour is typical of some malware.
    07.01.31 1:52:16 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Action allowed.
    07.01.31 1:52:18 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2812). This behaviour is typical of some malware.
    07.01.31 1:52:18 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Action allowed.
    07.01.31 1:52:19 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2812). This behaviour is typical of some malware.
    07.01.31 1:52:19 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Action allowed.
    07.01.31 1:57:39 C:\WINDOWS\system32\winlogon.exe Process C:\WINDOWS\system32\winlogon.exe (PID: 588) is attempting to invade process C:\WINDOWS\system32\logon.scr (PID: 3424). This behaviour is typical of some malware.
    07.01.31 1:57:39 C:\WINDOWS\system32\winlogon.exe Attempt to terminate process
    07.01.31 1:57:55 C:\WINDOWS\system32\logon.scr Attempt to terminate process: successfully
    07.01.31 1:57:55 C:\WINDOWS\explorer.exe Attempt to terminate process: successfully
    07.01.31 1:58:19 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 2436). This behaviour is typical of some malware.
    07.01.31 1:58:19 C:\WINDOWS\system32\services.exe Attempt to terminate process
    07.01.31 1:58:22 C:\WINDOWS\system32\imapi.exe Attempt to terminate process: successfully
    07.01.31 1:58:22 C:\WINDOWS\system32\alg.exe Attempt to terminate process: successfully
    07.01.31 1:58:22 C:\WINDOWS\system32\TaskManager.exe Attempt to terminate process: successfully
    07.01.31 1:58:22 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE Attempt to terminate process: successfully
    07.01.31 1:58:22 C:\WINDOWS\system32\spoolsv.exe Attempt to terminate process: successfully
    07.01.31 2:14:08 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\defrag.exe (PID: 2272). This behaviour is typical of some malware.
    07.01.31 2:14:08 C:\WINDOWS\System32\svchost.exe Action allowed.
    07.01.31 2:19:18 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\defrag.exe (PID: 2272). This behaviour is typical of some malware.
    07.01.31 2:19:18 C:\WINDOWS\System32\svchost.exe Action allowed.
    07.01.31 2:21:59 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\defrag.exe (PID: 2272). This behaviour is typical of some malware.
    07.01.31 2:21:59 C:\WINDOWS\System32\svchost.exe Attempt to terminate process
    07.01.31 2:22:03 C:\WINDOWS\system32\defrag.exe Attempt to terminate process: successfully
    07.01.31 2:22:05 C:\WINDOWS\system32\wuauclt.exe Attempt to terminate process: successfully
    07.01.31 2:25:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 3884) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 1164). This behaviour is typical of some malware.
    07.01.31 2:25:03 C:\WINDOWS\explorer.exe Attempt to terminate process
    07.01.31 2:25:07 C:\WINDOWS\explorer.exe Attempt to terminate process: successfully
    07.01.31 2:25:07 C:\Program Files\Mozilla Firefox\firefox.exe Attempt to terminate process: successfully
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:Zbmvyyn Sversbk.yax Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids\WinRAR.ZIP Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids\xslfile Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpl\OpenWithProgids\RealPlayer.PLSPL.6 Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids\MozillaXML Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids\Excel.Template Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids\Excel.Sheet.8 Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithProgids\WVXFile Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wri\OpenWithProgids\wrifile Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\OpenWithProgids\WPLFile Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\OpenWithProgids\ASXFile Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids\WMVFile Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids\wmffile Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids\WMAFile Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids\ASFFile Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\OpenWithProgids\WAXFile Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids\soundrec Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids\txtfile Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids\MSPaper.Document Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids\MSPaper.Document Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ssm\OpenWithProgids\SSM Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithProgids\AUFile Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\OpenWithProgids\RealPlayer.SMIL.6 Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\OpenWithProgids\RealPlayer.SMIL.6 Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids\htmlfile Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rvx\OpenWithProgids\RealPlayer.RVX.6 Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv\OpenWithProgids\RealPlayer.RV.6 Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids\Word.RTF.8 Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsml\OpenWithProgids\RealPlayer.RSML.6 Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmx\OpenWithProgids\RealJukebox.RMX.1 Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\OpenWithProgids\RealPlayer.RMVB.6 Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rms\OpenWithProgids\RealPlayer.RMS.6 Rollback
    07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmp\OpenWithProgids\RealJukebox.RMP.1 Rollback
    07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm\OpenWithProgids\RealPlayer.RAM.6 Rollback
    07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmj\OpenWithProgids\RealJukebox.RMJ.1 Rollback
    07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithProgids\midfile Rollback
    07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\OpenWithProgids\RealPlayer.RM.6 Rollback
    07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rax\OpenWithProgids\RealPlayer.RAX.6 Rollback
    07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\OpenWithProgids\RealPlayer.RAM.6
     
  10. Elsy

    Elsy Thread Starter

    Joined:
    Dec 8, 2006
    Messages:
    107
    Please Help!
     

Short URL to this thread: https://techguy.org/539578
