Go Back   Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads

Resolved HJT Threads Resolved spyware and popup issues.

Post #1, 04-28-2007, 09:39 PM
Registered User
 
Join Date: Feb 2007
Posts: 23
OS: xp pro


help please

I recently formatted my computer because of too many viruses.
I am running Win. XP Pro.
After formatting the computer, I still have viruses.

I am including my HijackThis log file results:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:30:30 PM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video AX Object\smmain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Video AX Object\smmon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Video AX Object\bpmon.exe
C:\Program Files\Video AX Object\bpmini.exe
C:\Documents and Settings\Kejriwal\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {D34F5D71-99E4-4D96-91CA-F4104F69B8AE} - C:\Program Files\Video AX Object\bpvol.dll
O3 - Toolbar: Protection Bar - {F0993251-2512-4710-AF6E-0A13EA199D02} - C:\Program Files\Video AX Object\splug.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video AX Object\bpmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video AX Object\smmain.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

--
End of file - 5065 bytes


THANKS
ck101
Post #2, 05-01-2007, 01:57 AM
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,345
OS: xp


Re: help please

Hi ck101


http://www.techsupportforum.com/secu...sting-log.html

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized, and extra.txt <- this one will be minimized.
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in the HijackThis Log Help Forum.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
LonnyRJones
Post #3, 05-01-2007, 10:40 AM
Registered User
 
Join Date: Feb 2007
Posts: 23
OS: xp pro


Re: help please

Contents of main.txt:

Deckard's System Scanner v20070426.43
Run by Kejriwal on 2007-05-01 at 12:23:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
40: 2007-05-01 16:23:39 UTC - RP40 - Deckard's System Scanner Restore Point
39: 2007-05-01 04:03:46 UTC - RP39 - Installed Samsung PC Studio
38: 2007-05-01 04:02:46 UTC - RP38 - Installed Adobe Acrobat 8 Professional - English, Français, Deutsch
37: 2007-04-30 23:29:33 UTC - RP37 - Installed Adobe® Photoshop® Album Starter Edition 3.0
36: 2007-04-30 12:58:48 UTC - RP36 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-04-28 22:59:29 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as kejriwal.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:36:24 PM, on 5/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kejriwal\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Kejriwal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 NTACCESS - f:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - f:\ntglm7x.sys (file missing)
S3 ssm_bus (Samsung Mobile USB Device II 1.0 driver (WDM)) - c:\windows\system32\drivers\ssm_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
S3 ssm_mdfl (Samsung Mobile USB Modem II 1.0 Filter) - c:\windows\system32\drivers\ssm_mdfl.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0 Filter Driver>
S3 ssm_mdm (Samsung Mobile USB Modem II 1.0 Drivers) - c:\windows\system32\drivers\ssm_mdm.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Files created between 2007-04-01 and 2007-05-01 -----------------------------

2007-05-01 00:22:16 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\TransRender
2007-05-01 00:22:16 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\Temporary
2007-05-01 00:22:16 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\ConvertTemp
2007-05-01 00:22:15 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\Samsung
2007-05-01 00:04:30 174592 --a------ C:\WINDOWS\system32\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-01 00:04:12 0 d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-05-01 00:03:46 0 d-------- C:\Program Files\Samsung
2007-04-30 23:58:07 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-04-30 23:58:05 6096 -ra------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0 Filter Driver>
2007-04-30 23:57:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-04-30 23:57:41 0 d-------- C:\Program Files\Webroot
2007-04-30 23:57:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-04-30 23:51:30 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-04-30 23:51:24 6112 -ra------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>
2007-04-30 23:51:24 6112 -ra------ C:\WINDOWS\system32\drivers\ssm_cm.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>
2007-04-30 23:51:24 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-04-30 23:51:23 84512 -ra------ C:\WINDOWS\system32\drivers\ssm_mdm.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>
2007-04-30 23:49:36 5776 -ra------ C:\WINDOWS\system32\drivers\ssm_whnt.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
2007-04-30 23:49:36 5776 -ra------ C:\WINDOWS\system32\drivers\ssm_wh.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
2007-04-30 23:49:35 52416 -ra------ C:\WINDOWS\system32\drivers\ssm_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
2007-04-30 23:46:29 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\Webroot
2007-04-30 23:25:15 0 d-------- C:\Program Files\PowerISO
2007-04-30 19:29:49 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\Adobe
2007-04-30 19:29:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-04-30 19:26:51 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-30 08:59:41 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-04-30 08:57:03 0 d---s---- C:\Documents and Settings\Kejriwal\UserData
2007-04-29 19:52:42 0 dr-h----- C:\Documents and Settings\Kejriwal\Recent
2007-04-29 19:31:48 0 d-------- C:\Documents and Settings\Kejriwal\Contacts
2007-04-29 19:31:21 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-04-29 19:31:15 0 d-------- C:\Program Files\MSN Messenger
2007-04-29 18:41:43 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-04-29 17:25:12 0 d-------- C:\Start Menu
2007-04-29 17:25:10 0 d-------- C:\Program Files\MTV Networks
2007-04-29 17:24:24 0 d-------- C:\WINDOWS\Downloaded Installations
2007-04-29 13:57:20 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\vlc
2007-04-29 13:35:26 0 d-------- C:\Program Files\MSXML 4.0
2007-04-29 13:27:52 0 d-------- C:\Program Files\Common Files\L&H
2007-04-29 13:25:33 0 d-------- C:\Program Files\Microsoft.NET
2007-04-29 13:25:09 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-04-29 13:21:00 0 d-------- C:\Program Files\Microsoft Works
2007-04-29 13:17:35 0 d-------- C:\WINDOWS\SHELLNEW
2007-04-29 13:13:28 0 dr-h----- C:\MSOCache
2007-04-29 10:10:46 178176 -ra------ C:\WINDOWS\system32\LXAUSUI.DLL <Not Verified; Lexmark; Lexmark Z53 Color Jetprinter>
2007-04-29 09:24:43 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\Macromedia
2007-04-28 23:14:41 0 d-------- C:\Program Files\MW
2007-04-28 23:07:51 0 d-------- C:\Documents and Settings\Kejriwal\.housecall6.6
2007-04-28 2236 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-04-28 22:04:15 0 d-------- C:\WINDOWS\pss
2007-04-28 22:04:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-04-28 22:02:27 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-04-28 22:02:27 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-04-28 22:02:27 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-04-28 22:02:27 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-04-28 22:02:27 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-04-28 22:02:27 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-28 22:02:27 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-04-28 22:02:27 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-04-28 22:02:27 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-04-28 22:02:27 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-04-28 22:02:27 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-04-28 22:02:27 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-04-28 22:02:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-04-28 22:02:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-04-28 21:44:24 0 d-------- C:\Program Files\Common Files\Cisco Systems
2007-04-28 21:44:09 58016 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
2007-04-28 21:44:08 108256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
2007-04-28 21:43:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-04-28 21:43:44 0 d-------- C:\Program Files\Network Associates
2007-04-28 21:43:44 0 d-------- C:\Program Files\Common Files\Network Associates
2007-04-28 21:43:32 0 d-------- C:\VirusScan8_Installer
2007-04-28 21:42:20 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\DivX
2007-04-28 21:05:02 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\TrojanHunter
2007-04-28 20:55:10 0 dr-h----- C:\$VAULT$.AVG
2007-04-28 20:49:47 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\AVG7
2007-04-28 20:49:38 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-04-28 20:49:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-04-28 20:49:14 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-04-28 20:48:01 0 d-------- C:\Program Files\TrojanHunter 4.6
2007-04-28 20:25:03 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\Lavasoft
2007-04-28 20:21:50 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-04-28 20:21:44 0 d-------- C:\Program Files\SpywareLocked 3.5
2007-04-28 20:09:39 0 d-------- C:\WINDOWS\Sun
2007-04-28 20:09:39 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\Sun
2007-04-28 2015 0 d-------- C:\Documents and Settings\Kejriwal\Shared
2007-04-28 2014 0 d-------- C:\Documents and Settings\Kejriwal\Incomplete
2007-04-28 20:05:45 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\LimeWire
2007-04-28 19:56:38 0 d-------- C:\Program Files\World of Warcraft
2007-04-28 19:56:38 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-04-28 19:50:12 0 d--hs---- C:\WINDOWS\ftpcache
2007-04-28 19:49:21 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\Logitech
2007-04-28 19:48:04 0 d-------- C:\Program Files\Common Files\Logitech
2007-04-28 19:47:59 0 d-------- C:\Program Files\Logitech
2007-04-28 19:44:23 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-04-28 19:39:19 0 d-------- C:\WINDOWS\system32\PreInstall
2007-04-28 19:39:17 0 d--h----- C:\WINDOWS\$hf_mig$
2007-04-28 19:29:29 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2007-04-28 19:27:12 0 d-------- C:\Program Files\Creative
2007-04-28 19:23:50 0 d-------- C:\Program Files\Windows Media Connect 2
2007-04-28 19:23:01 0 d-------- C:\303020ef23ea965ff6
2007-04-28 19:22:52 0 d-------- C:\WINDOWS\system32\LogFiles
2007-04-28 19:22:52 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-28 19:21:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-04-28 19:19:51 0 d-------- C:\Program Files\Common Files\xing shared
2007-04-28 19:19:42 0 d-------- C:\Program Files\Real
2007-04-28 19:19:42 0 d-------- C:\Program Files\Common Files\Real
2007-04-28 19:18:57 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\Real
2007-04-28 19:18:13 0 d-------- C:\Program Files\VideoLAN
2007-04-28 19:17:34 0 d-------- C:\Program Files\DivX
2007-04-28 19:15:56 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-04-28 19:15:54 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2007-04-28 19:15:54 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-04-28 19:15:54 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-04-28 19:15:54 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-04-28 19:15:53 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-04-28 19:15:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-04-28 19:15:50 0 d-------- C:\Program Files\Common Files\Ahead
2007-04-28 19:15:46 0 d-------- C:\Program Files\Ahead
2007-04-28 19:13:40 0 d-------- C:\Program Files\Java
2007-04-28 19:13:25 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\acccore
2007-04-28 19:13:13 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-04-28 19:13:10 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-04-28 19:13:09 0 d-------- C:\Program Files\Viewpoint
2007-04-28 19:13:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-04-28 19:13:08 0 d-------- C:\Program Files\Common Files\Java
2007-04-28 19:13:04 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-04-28 19:13:03 0 d-------- C:\Program Files\LimeWire
2007-04-28 19:12:55 0 d-------- C:\Program Files\Common Files\AOL
2007-04-28 19:12:52 0 d-------- C:\Program Files\AIM6
2007-04-28 19:11:31 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-04-28 19:10:39 0 d-------- C:\Program Files\Lavasoft
2007-04-28 19:10:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-28 19:10:14 0 d-------- C:\Program Files\BitLord
2007-04-28 19:08:36 0 d-------- C:\WINDOWS\OPTIONS
2007-04-28 19:04:28 335 --a------ C:\WINDOWS\nsreg.dat
2007-04-28 19:04:26 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\Mozilla
2007-04-28 19:04:03 516096 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-04-28 19:03:53 294912 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2007-04-28 19:03:51 72105 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-04-28 19:03:34 0 d-------- C:\Program Files\ATI Technologies
2007-04-28 19:03:25 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-28 19:03:18 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
2007-04-28 19:03:12 0 d-------- C:\Program Files\Realtek Sound Manager
2007-04-28 19:03:10 0 d-------- C:\Program Files\AvRack
2007-04-28 19:03:06 208896 -----n--- C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Update Application for Realtek AC'97>
2007-04-28 19:03:06 135168 -----n--- C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing Tool>
2007-04-28 19:02:33 0 d-------- C:\Program Files\Intel
2007-04-28 19:01:57 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-28 19:01:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-28 19:01:38 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-28 19:01:29 24064 --a------ C:\WINDOWS\autoload.exe
2007-04-28 18:59:09 0 d-------- C:\Documents and Settings\Kejriwal\Application Data\Identities
2007-04-28 18:58:58 0 d--h----- C:\Documents and Settings\Kejriwal\Templates
2007-04-28 18:58:58 0 dr------- C:\Documents and Settings\Kejriwal\Start Menu
2007-04-28 18:58:58 0 dr-h----- C:\Documents and Settings\Kejriwal\SendTo
2007-04-28 18:58:58 0 d--h----- C:\Documents and Settings\Kejriwal\PrintHood
2007-04-28 18:58:58 1835008 --ah----- C:\Documents and Settings\Kejriwal\NTUSER.DAT
2007-04-28 18:58:58 0 d--h----- C:\Documents and Settings\Kejriwal\NetHood
2007-04-28 18:58:58 0 dr------- C:\Documents and Settings\Kejriwal\My Documents
2007-04-28 18:58:58 0 d--h----- C:\Documents and Settings\Kejriwal\Local Settings
2007-04-28 18:58:58 0 dr------- C:\Documents and Settings\Kejriwal\Favorites
2007-04-28 18:58:58 0 d-------- C:\Documents and Settings\Kejriwal\Desktop
2007-04-28 18:58:58 0 d---s---- C:\Documents and Settings\Kejriwal\Cookies
2007-04-28 18:58:58 0 dr-h----- C:\Documents and Settings\Kejriwal\Application Data
2007-04-28 18:58:38 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-28 18:57:35 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-04-28 18:57:25 0 d-------- C:\WINDOWS\Prefetch
2007-04-28 18:57:24 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-04-28 18:57:24 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-04-28 18:57:24 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-04-28 18:57:24 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-04-28 18:57:24 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-04-28 18:57:24 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-04-28 18:57:17 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-04-28 18:57:17 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-04-28 18:57:17 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-04-28 18:57:17 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-04-28 18:57:17 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-04-28 17:29:26 0 d-------- C:\WINDOWS\system32\xircom
2007-04-28 17:29:26 0 d-------- C:\Program Files\microsoft frontpage
2007-04-28 17:29:17 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-04-28 17:29:06 0 -rahs---- C:\MSDOS.SYS
2007-04-28 17:29:06 0 -rahs---- C:\IO.SYS
2007-04-28 17:29:06 0 --a------ C:\CONFIG.SYS
2007-04-28 17:29:06 0 --a------ C:\AUTOEXEC.BAT
2007-04-28 17:28:01 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-04-28 17:27:52 0 dr------- C:\WINDOWS\Offline Web Pages
2007-04-28 17:27:52 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-28 17:27:42 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-28 17:27:25 0 d-------- C:\WINDOWS\system32\DirectX
2007-04-28 17:26:59 0 d---s---- C:\WINDOWS\Tasks
2007-04-28 17:26:58 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-28 17:26:56 0 d-------- C:\WINDOWS\system32\Macromed
2007-04-28 17:26:56 0 d-------- C:\WINDOWS\srchasst
2007-04-28 17:26:50 0 d-------- C:\Program Files\Movie Maker
2007-04-28 17:26:47 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-28 17:26:44 0 d-------- C:\WINDOWS\system32\Restore
2007-04-28 17:26:41 105984 --a------ C:\WINDOWS\system32\msoert2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-28 17:26:12 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-28 17:25:59 0 d-------- C:\WINDOWS\Registration
2007-04-28 17:25:52 0 d-------- C:\Program Files\Online Services
2007-04-28 17:25:47 0 d-------- C:\Program Files\Messenger
2007-04-28 17:25:45 0 d-------- C:\Program Files\MSN Gaming Zone
2007-04-28 17:25:37 44544 --a------ C:\WINDOWS\system32\hticons.dll <Not Verified; Hilgraeve, Inc.; Microsoft® Windows® Operating System>
2007-04-28 17:25:30 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-28 17:25:16 0 d-------- C:\Program Files\Windows NT
2007-04-28 17:25:14 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-28 17:25:14 0 d-------- C:\WINDOWS\system32\MsDtc
2007-04-28 17:25:13 0 d-------- C:\WINDOWS\system32\Com
2007-04-28 17:25:12 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll <Not Verified; Microsoft Corporation; COM Services>
2007-04-28 13:18:51 928256 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2007-04-28 13:18:51 428320 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2007-04-28 13:18:51 2169120 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2007-04-28 13:18:50 222208 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2007-04-28 13:18:50 245760 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-04-28 13:18:28 5504 --a------ C:\WINDOWS\system32\drivers\intelide.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-28 13:18:21 74240 --a------ C:\WINDOWS\system32\usbui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-28 13:16:44 0 d--hs---- C:\WINDOWS\Installer
2007-04-28 13:16:43 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-28 13:16:39 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-28 13:16:37 0 d-a------ C:\Program Files
2007-04-28 13:16:30 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-28 13:16:28 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-28 13:16:25 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-28 13:16:03 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-04-28 13:16:03 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-04-28 13:16:03 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-04-28 13:16:03 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-04-28 13:16:03 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-04-28 13:16:03 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-04-28 13:16:03 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-04-28 13:16:03 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-04-28 13:16:03 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-04-28 13:16:03 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-04-28 13:16:03 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-04-28 13:16:03 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-04-28 13:16:03 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-04-28 13:16:03 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-04-28 13:16:03 0 dr------- C:\Documents and Settings\All Users\Documents
2007-04-28 13:16:03 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-04-28 13:14:09 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-04-28 13:14:09 0 d-------- C:\WINDOWS\system32\CatRoot
2007-04-28 13:14:03 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-04-28 13:14:03 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-04-28 13:14:03 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-04-28 13:14:03 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-04-28 13:12:11 0 d--hs---- C:\System Volume Information
2007-04-28 13:12:11 0 d-------- C:\Documents and Settings
2007-04-28 13:03:37 0 d-------- C:\WINDOWS
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\WinSxS
2007-04-28 13:03:37 0 dr------- C:\WINDOWS\Web
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\twain_32
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\wins
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\wbem
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\usmt
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\spool
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\ShellExt
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\Setup
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\ras
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\oobe
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\npp
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\mui
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\inetsrv
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\IME
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\icsxml
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\ias
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\export
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\drivers
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-28 13:03:37 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\dhcp
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\config
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\3076
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\2052
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\1054
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\1042
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\1041
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\1037
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\1033
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\1031
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\1028
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system32\1025
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\system
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\security
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\Resources
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\repair
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\Provisioning
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\PeerNet
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\pchealth
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\mui
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\msapps
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\msagent
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\Media
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\java
2007-04-28 13:03:37 0 d--h----- C:\WINDOWS\inf
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\ime
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\Help
2007-04-28 13:03:37 0 dr--s---- C:\WINDOWS\Fonts
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\ehome
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\Driver Cache
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\Debug
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\Cursors
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\Connection Wizard
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\Config
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\AppPatch
2007-04-28 13:03:37 0 d-------- C:\WINDOWS\addins
2007-04-09 08:27:07 31548 --a------ C:\WINDOWS\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>


-- Find3M Report ---------------------------------------------------------------

2007-04-30 19:29:17 6 --a------ C:\Documents and Settings\Kejriwal\Application Data\dm.ini
2007-04-30 19:29:17 1467 --a------ C:\Documents and Settings\Kejriwal\Application Data\AdobeDLM.log
2007-04-28 13:16:03 62 --ahs---- C:\Documents and Settings\Kejriwal\Application Data\desktop.ini
2007-03-27 03:55:57 524288 --a------ C:\WINDOWS\system32\DivXsm.exe <Not Verified; DivX Inc.; DivX Inc. divxsm>
2007-03-27 03:55:48 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 03:55:23 200704 --a------ C:\WINDOWS\system32\ssldivx.dll <Not Verified; The OpenSSL Project, http://www.openssl.org/; The OpenSSL Toolkit>
2007-03-27 03:55:23 1044480 --a------ C:\WINDOWS\system32\libdivx.dll <Not Verified; The OpenSSL Project, http://www.openssl.org/; The OpenSSL Toolkit>
2007-03-27 03:49:07 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-03-27 03:49:07 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-03-27 03:49:05 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll <Not Verified; DivXNetworks; DivXNetworks dpuGUI10>
2007-03-27 03:49:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll <Not Verified; DivXNetworks; DivXNetworks dpuGUI11>
2007-03-27 03:49:02 57344 --a------ C:\WINDOWS\system32\dpv11.dll <Not Verified; DivXNetworks; DivXNetworks dpv11>
2007-03-27 03:49:02 344064 --a------ C:\WINDOWS\system32\dpus11.dll <Not Verified; DivXNetworks; DivXNetworks dpus11>
2007-03-27 03:49:02 294912 --a------ C:\WINDOWS\system32\dpu11.dll <Not Verified; DivXNetworks; DivXNetworks dpu11>
2007-03-27 03:49:02 294912 --a------ C:\WINDOWS\system32\dpu10.dll <Not Verified; DivXNetworks; DivXNetworks dpu11>
2007-03-27 03:48:59 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-03-27 03:48:58 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-03-27 03:48:58 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-03-27 03:48:58 639066 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe\""
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"PWRISOVM.EXE"="\"C:\\Program Files\\PowerISO\\PWRISOVM.EXE\""
@=""
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"rare"="C:\\Program Files\\Video AX Object\\smmain.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"="grassily"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrotray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareLocked 3.5]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpywareLocked 3"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SpywareLocked 3.5\\SpywareLocked 3.5.exe\" /h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="THGuard"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ENTDRV51
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SCDEMU
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_STAROPEN


-- End of Deckard's System Scanner: finished at 2007-05-01 at 12:37:23 ---------



thanks
Attached Files
File Type: txt extra.txt (11.5 KB, 1 views)
ck101 is offline  
Old 05-01-2007, 12:02 PM   #4 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,345
OS: xp


Re: help please

Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
Code:
REGEDIT4
;
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"=-
;
Leave that until you are in safe mode.

Follow the instructions here for using Option 2 (Clean) while your PC is in safe mode:
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

While still in safe mode, double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message, delete fixme.reg.

Post its report, C:\rapport.txt, once back in normal mode.


You shouldn't have more than one antivirus installed; uninstall all but one ASAP.

Last edited by LonnyRJones : 05-01-2007 at 12:07 PM.
LonnyRJones is offline  
Old 05-03-2007, 08:06 AM   #5 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 23
OS: xp pro


Re: help please

I only use one antivirus: McAfee VirusScan. I think.

Here are the rapport.txt results:

SmitFraudFix v2.174

Scan done at 9:55:04.53, Thu 05/03/2007
Run from C:\Documents and Settings\Kejriwal\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"="grassily"

[HKEY_CLASSES_ROOT\CLSID\{4233ac08-a2c4-4742-a0b4-83719613d62c}\InProcServer32]
@="C:\WINDOWS\system32\ilmpjy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4233ac08-a2c4-4742-a0b4-83719613d62c}\InProcServer32]
@="C:\WINDOWS\system32\ilmpjy.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\SpywareLocked 3.5\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{14C4F710-F55A-41BE-8908-4B257DE6BAAB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{14C4F710-F55A-41BE-8908-4B257DE6BAAB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{14C4F710-F55A-41BE-8908-4B257DE6BAAB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
ck101 is offline  
Old 05-03-2007, 08:56 AM   #6 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,345
OS: xp


Re: help please

You have AVG 7 too, but it has been partially disabled with msconfig.
Go into the Windows Control Panel, Add/Remove Programs, and uninstall it.

Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
Code:
REGEDIT4
;
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareLocked 3.5]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
;
Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.


How's your PC running?

Post a log from the non-beta HijackThis, please.

First, make a new folder, for example C:\AntiSpyWare,
and download/save HijackThis to that new folder.
This is necessary to ensure you have backups should anything go wrong.
http://www.merijn.org/files/HijackThis.exe
Double-click HijackThis.exe and hit "None of the above, just start the program".
Hit Scan. When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log somewhere, and please show us its contents.
Most of what it lists will be harmless or even required, so do NOT fix anything yet.
LonnyRJones is offline  
Old 05-03-2007, 08:30 PM   #7 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 23
OS: xp pro


Re: help please

HijackThis results:

Logfile of HijackThis v1.99.1
Scan saved at 10:26:50 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Anti_Spy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

----
PC running well, but sometimes stalls.
I also uninstalled the AVG 7.

Another question, off topic:
I have a wireless router in my house.
What do I do so that it's secure, i.e. so that not just anyone can use it without permission, such as neighbors? The brand of the router is SMC.

thanks
ck101 is offline  
Old 05-04-2007, 02:30 AM   #8 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,345
OS: xp


Re: help please

Start Hijackthis Scan and place a check next to
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Hit fix checked and close Hijackthis.

I'm not experienced with wireless, but doubt you would have problems unless your neighbor had the same brand.
We do have a section here you might be interested in:
http://www.techsupportforum.com/netw...dsl-satellite/

You can uninstall SmitfraudFix and delete the file you downloaded.

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm

To help avoid reinfection see "So how did I get infected in the first place?" http://castlecops.com/postlite7736-.html by Tony Klein
See Recommended Minimal Security Settings: http://www.mvps.org/winhelp2002/unwanted.htm#happen
MAKING INTERNET EXPLORER SAFER http://www.bleepingcomputer.com/foru...fer-tut102.htm
Understanding and Using Firewalls http://www.bleepingcomputer.com/forums/tutorial60.html

Last edited by LonnyRJones : 05-04-2007 at 02:31 AM.
LonnyRJones is offline  
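The three fixes prescribed in this thread (deleting the SharedTaskScheduler value in post #4, deleting the msconfig startupreg keys in post #6, and fixing the orphaned "(no file)" BHO in post #8) can be checked and prepared from the logs themselves. The Python below is an added example, not the helper's code nor part of HijackThis or SmitFraudFix; its sample log text is constructed to mirror the lines quoted above, and the key constant STS_KEY is taken from the registry dump in this thread.

```python
"""Triage helpers for HijackThis and SmitFraudFix output of the kind quoted above.

Added example (not from the forum posts, HijackThis or SmitFraudFix).  The
sample texts are constructed to mirror the thread's log lines.
"""
import re

# Constructed sample: a few O2/O4 lines in HijackThis log format.
HJT_SAMPLE = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O4 - HKLM\\..\\Run: [SpySweeper] C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray
"""

# Constructed sample: the SharedTaskScheduler excerpt SmitFraudFix printed.
STS_SAMPLE = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"="grassily"

[HKEY_CLASSES_ROOT\\CLSID\\{4233ac08-a2c4-4742-a0b4-83719613d62c}\\InProcServer32]
@="C:\\WINDOWS\\system32\\ilmpjy.dll"
"""

# The load-point key the thread's fixme.reg targeted.
STS_KEY = "HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\sharedtaskscheduler"

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
DEFAULT_RE = re.compile(r'^@="(?P<data>.*)"$')


def parse_bhos(log_text):
    """One dict (name, clsid, path) per O2 Browser Helper Object line."""
    matches = (BHO_RE.match(ln.strip()) for ln in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def orphaned_bhos(log_text):
    """CLSIDs of BHOs whose DLL is gone; HijackThis marks them '(no file)'.

    An orphaned registration loads nothing, but it is the leftover of a
    component that was removed and is what the helper had 'fix checked'."""
    return [b["clsid"] for b in parse_bhos(log_text) if b["path"] == "(no file)"]


def parse_reg_dump(text):
    """Parse a SmitFraudFix/Deckard style registry excerpt to {key: {value: data}}.

    Keys and value names are lower-cased so the HKCR and HKLM Software\\Classes
    spellings of one CLSID compare equal; '@' holds a key's default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current = keys.setdefault(sec.group("key").lower(), {})
            continue
        if current is None:
            continue
        val = VALUE_RE.match(line) or DEFAULT_RE.match(line)
        if val:
            current[val.groupdict().get("name", "@").lower()] = val.group("data")
    return keys


def key_suffix_lookup(keys, suffix):
    """First parsed key ending in suffix (both already lower-cased), or None."""
    return next((v for k, v in keys.items() if k.endswith(suffix)), None)


def shared_task_scheduler_chain(reg_text):
    """Resolve each SharedTaskScheduler CLSID to the DLL Explorer would load.

    Returns [(clsid, display_name, dll_path_or_None)].  Explorer loads every
    InProcServer32 listed under this key at logon, so a random word such as
    'grassily' pointing at a random-named system32 DLL is the pattern to flag."""
    keys = parse_reg_dump(reg_text)
    chain = []
    for key, values in keys.items():
        if not key.endswith("\\explorer\\sharedtaskscheduler"):
            continue
        for clsid, name in values.items():
            server = key_suffix_lookup(keys, "\\clsid\\%s\\inprocserver32" % clsid)
            chain.append((clsid, name, server.get("@") if server else None))
    return chain


def reg_delete_value(key, value_name):
    """REGEDIT4 text removing one value: the '"name"=-' form from post #4."""
    return 'REGEDIT4\n\n[%s]\n"%s"=-\n' % (key, value_name)


def reg_delete_keys(*keys):
    """REGEDIT4 text removing whole keys: the '[-KEY]' form from post #6."""
    return "REGEDIT4\n\n" + "".join("[-%s]\n" % k for k in keys)


if __name__ == "__main__":
    print("orphaned BHOs:", orphaned_bhos(HJT_SAMPLE))
    for clsid, name, dll in shared_task_scheduler_chain(STS_SAMPLE):
        print("SharedTaskScheduler %s (%r) -> %s" % (clsid, name, dll))
        print(reg_delete_value(STS_KEY, clsid))
```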