05-03-2007, 10:06 PM   #1
Registered User
 
Join Date: May 2007
Posts: 21
OS: XP


do this log please

My computer has begun to skip in one of my games called Counter-Strike, and my computer has slowed down a little bit, so here's the HijackThis log. I couldn't get the Panda thing to work.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:48:20 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Define\Desktop\HiJackThis_v2\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5021 bytes
define is offline  
05-03-2007, 10:12 PM   #2
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: do this log please

The log you've posted is the beta version of HijackThis and is still under development. Please refer to this thread: TrendMicro's HijackThis version2 Beta.

Then please follow the instructions in the (Updated!) IMPORTANT - Read This Before Posting A Log thread and post the requested logs in your next reply. We prefer to use v.1.99.1 still. Please do this, and allow Deckard's System Scanner to download, install and run HJT v.1.99.1.

One of our Security Analysts will review your logs as soon as possible. While reading through our 5-Step Process, please note the 'bumping rules'.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
05-04-2007, 02:49 PM   #3
Registered User
 
Join Date: May 2007
Posts: 21
OS: XP


Re: do this log please

THIS IS THE GOOD ONE
The Panda scanner is not letting me scan because it's not downloading the ActiveX, but I did though...

Deckard's System Scanner v20070426.43
Run by Define on 2007-05-04 at 15:34:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2007-05-04 14:34:24 UTC - RP44 - Deckard's System Scanner Restore Point
43: 2007-05-03 22:24:31 UTC - RP43 - System Checkpoint
42: 2007-05-02 21:25:48 UTC - RP42 - System Checkpoint
41: 2007-05-01 20:03:54 UTC - RP41 - System Checkpoint
40: 2007-04-30 19:44:39 UTC - RP40 - System Checkpoint


-- First Restore Point --
1: 2007-04-04 19:42:19 UTC - RP1 - Installed Microsoft Office Professional Edition 2003


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Define.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:35:20 PM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Define\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Define.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 cmudaxu (C-Media USB Sound Interface) - c:\windows\system32\drivers\cmudaxu.sys <Not Verified; C-Media Inc; C-Media USB Audio Driver (WDM)>

S3 AC97ALI (Service for AC'97 Driver (WDM)) - c:\windows\system32\drivers\ali55wdm.sys <Not Verified; ULi Corporation; ULi M5455 Audio Controller WDM Driver>
S3 cpuz126 - c:\docume~1\define\locals~1\temp\cpuz.sys (file missing)
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>


-- Scheduled Tasks -------------------------------------------------------------

2007-05-03 19:55:57 268 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-05-03 19:55:56 386 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2007-04-04 and 2007-05-04 -----------------------------

2007-05-04 15:31:09 0 d-------- C:\Program Files\SpywareBlaster
2007-05-03 22:49:44 0 dr-h----- C:\Documents and Settings\Define\Recent
2007-05-03 22:32:20 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-05-03 22:25:10 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-05-03 20:12:59 0 d-------- C:\Program Files\Uniblue
2007-05-03 19:55:58 0 d-------- C:\Documents and Settings\Define\Application Data\Uniblue
2007-04-27 18:02:13 0 d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-04-26 21:09:56 0 d-------- C:\Program Files\BitLord
2007-04-26 14:41:45 0 d-------- C:\Program Files\LimeWire
2007-04-25 13:57:31 0 d-------- C:\Program Files\Windows Media Connect 2
2007-04-25 13:56:24 0 d-------- C:\WINDOWS\system32\LogFiles
2007-04-25 13:56:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-25 13:47:17 0 d-------- C:\WINDOWS\network diagnostic
2007-04-25 13:30:26 592 --a------ C:\WINDOWS\chgkey.vbs
2007-04-22 20:57:16 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-04-16 15:47:35 119056 --a------ C:\WINDOWS\system32\reg_c3.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-04-16 15:47:34 1017545 --a------ C:\WINDOWS\system32\cpuz.exe <Not Verified; CPUID; CPU-Z Application>
2007-04-16 15:47:30 0 d-------- C:\Program Files\CEVO
2007-04-16 15:28:21 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-04-16 03:00:18 0 d-------- C:\WINDOWS\system32\DllCache
2007-04-16 00:03:41 0 d-------- C:\Program Files\Common Files\Scanner
2007-04-16 00:03:41 0 d-------- C:\Program Files\ComcastToolbar
2007-04-16 00:03:40 0 d-------- C:\Documents and Settings\Define\Application Data\ComcastToolbar
2007-04-16 00:01:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-04-14 14:44:28 0 d-------- C:\Program Files\support.com
2007-04-14 14:44:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2007-04-14 13:42:06 0 d-------- C:\Program Files\SystemRequirementsLab
2007-04-14 13:42:00 0 d-------- C:\Documents and Settings\Define\Application Data\SystemRequirementsLab
2007-04-14 13:41:52 0 d-------- C:\WINDOWS\Sun
2007-04-14 13:41:52 0 d-------- C:\Documents and Settings\Define\Application Data\Sun
2007-04-14 10:10:47 0 d-------- C:\Documents and Settings\Define\Incomplete
2007-04-14 10:10:38 0 d-------- C:\Documents and Settings\Define\Application Data\LimeWire
2007-04-14 10:07:39 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-14 1057 0 d-------- C:\Documents and Settings\Define\Application Data\Leadertech
2007-04-14 00:02:35 0 d-------- C:\Program Files\Java
2007-04-14 00:02:29 0 d-------- C:\Program Files\Common Files\Java
2007-04-13 23:58:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-04-13 23:58:09 0 d-------- C:\Documents and Settings\Define\Application Data\Azureus
2007-04-10 15:38:29 0 d-------- C:\WINDOWS\system32\NtmsData
2007-04-09 17:07:10 0 d-------- C:\WINDOWS\system32\Lang
2007-04-09 17:07:10 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2007-04-07 21:27:15 0 d-------- C:\Documents and Settings\Define\Application Data\teamspeak2
2007-04-07 00:17:01 0 d-------- C:\Documents and Settings\Define\Application Data\vlc
2007-04-07 00:16:13 0 d-------- C:\Program Files\VideoLAN
2007-04-06 11:04:12 0 d-------- C:\Program Files\MSXML 4.0
2007-04-05 23:58:13 0 d--h----- C:\WINDOWS\$hf_mig$
2007-04-05 23:56:57 0 d---s---- C:\Documents and Settings\Define\UserData
2007-04-04 23:32:20 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-04-04 23:01:54 0 d-------- C:\Documents and Settings\Define\Application Data\WinRAR
2007-04-04 22:44:39 0 d-------- C:\Documents and Settings\Define\Application Data\Xfire
2007-04-04 22:44:38 0 d---s---- C:\Program Files\Xfire
2007-04-04 22:37:14 0 d-------- C:\Documents and Settings\Define\Application Data\Ventrilo
2007-04-04 22:36:36 0 d-------- C:\Program Files\Ventrilo
2007-04-04 22:36:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-04 22:20:02 0 d-------- C:\Documents and Settings\Define\Application Data\Aim
2007-04-04 22:18:53 0 d-------- C:\Program Files\Viewpoint
2007-04-04 22:18:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-04-04 22:18:50 0 d-------- C:\Program Files\AIM
2007-04-04 22:18:08 0 d-------- C:\Program Files\CCleaner
2007-04-04 21:27:53 0 d--hs---- C:\WINDOWS\Installer
2007-04-04 21:27:52 0 dr------- C:\Program Files
2007-04-04 21:27:52 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-04 21:27:38 69120 --a------ C:\WINDOWS\NOTEPAD.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-04-04 21:27:27 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-04-04 21:27:27 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-04-04 21:27:27 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-04-04 21:27:27 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-04-04 21:27:27 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-04-04 21:27:27 0 dr------- C:\Documents and Settings\All Users\Documents
2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-04-04 21:25:10 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-04-04 21:25:10 0 d-------- C:\WINDOWS\system32\CatRoot
2007-04-04 21:25:04 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-04-04 21:25:04 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-04-04 21:25:04 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-04-04 21:25:04 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-04-04 21:23:05 63488 --a------ C:\WINDOWS\system32\drivers\ali55wdm.sys <Not Verified; ULi Corporation; ULi M5455 Audio Controller WDM Driver>
2007-04-04 21:23:05 9728 --a------ C:\WINDOWS\system32\ali55prp.dll <Not Verified; ALi Corporation; ALi M5455 Audio Controller Property Page>
2007-04-04 21:22:56 0 d--hs---- C:\System Volume Information
2007-04-04 21:22:56 0 d-------- C:\Documents and Settings
2007-04-04 21:21:32 0 d-------- C:\D
2007-04-04 21:18:43 0 d-------- C:\WINDOWS
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\WinSxS
2007-04-04 21:18:43 0 dr------- C:\WINDOWS\Web
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\twain_32
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\wins
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\wbem
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\usmt
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\spool
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\ShellExt
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\Setup
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\ras
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\PreInstall
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\oobe
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\npp
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\mui
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\inetsrv
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\IME
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\icsxml
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\ias
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\export
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\drivers
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\dhcp
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\config
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\3076
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\2052
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1054
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1042
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1041
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1037
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1033
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1031
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1028
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1025
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\security
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Resources
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\repair
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Provisioning
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\PeerNet
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\pchealth
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\mui
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\msapps
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\msagent
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Media
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\java
2007-04-04 21:18:43 0 d--h----- C:\WINDOWS\inf
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\ime
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Help
2007-04-04 21:18:43 0 dr--s---- C:\WINDOWS\Fonts
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\ehome
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Driver Cache
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Debug
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Cursors
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Connection Wizard
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Config
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\AppPatch
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\addins
2007-04-04 21:15:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-04-04 21:15:16 0 d-------- C:\Program Files\Webroot
2007-04-04 21:15:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-04-04 21:14:34 0 d-------- C:\Documents and Settings\Define\Application Data\Webroot
2007-04-04 21:11:00 0 d-------- C:\Program Files\mIRC
2007-04-04 21:08:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-04 21:02:43 53 --a------ C:\biosinfo
2007-04-04 20:57:57 1391296 -ra------ C:\WINDOWS\system32\drivers\cmudaxu.sys <Not Verified; C-Media Inc; C-Media USB Audio Driver (WDM)>
2007-04-04 20:57:57 98304 -ra------ C:\WINDOWS\system32\cmudau.dll <Not Verified; C-Media; C-Media cmuda.dll>
2007-04-04 20:57:57 16384 -ra------ C:\WINDOWS\system32\cmpropu.dll <Not Verified; C-Media Corporation; CMI8738/CMI9738/CMI9739 Audio Device>
2007-04-04 20:57:57 241664 -ra------ C:\WINDOWS\system32\cmdrvrmu.exe <Not Verified; C-Media Corporation; CmiRemoveDriver Application>
2007-04-04 20:57:57 45056 -ra------ C:\WINDOWS\system32\cmdrvrmu.dll
2007-04-04 20:57:57 712704 -ra------ C:\WINDOWS\system32\a3dpropu.dll <Not Verified; Sensaura Ltd; Sensaura>
2007-04-04 20:57:57 61440 -ra------ C:\WINDOWS\system\cmsnxeye.exe <Not Verified; ; CmSNXeye Application>
2007-04-04 20:57:57 315392 -ra------ C:\WINDOWS\system\cmifltr.dll <Not Verified; C-Media Electronics Inc.; C-Media CmiFltr>
2007-04-04 20:57:57 917504 -ra------ C:\WINDOWS\system\cmds3du.dll <Not Verified; C-Media Electronics Inc.; C-Media Cmids3d>
2007-04-04 20:57:54 40960 -r------- C:\WINDOWS\CmiUSB2Uninstall.exe <Not Verified; ; CmiUSBUninstall Application>
2007-04-04 20:57:49 0 d-------- C:\Program Files\Steel Sound 5H USB
2007-04-04 20:55:29 0 d-------- C:\WINDOWS\nview
2007-04-04 20:55:28 114688 -ra------ C:\WINDOWS\system32\sysinfo.dll <Not Verified; Crystal Dew World; SysInfo>
2007-04-04 20:55:27 200704 -ra------ C:\WINDOWS\system32\WinSys.exe <Not Verified; ; DOT Application>
2007-04-04 20:55:27 9728 -ra------ C:\WINDOWS\system32\sysinfoX64.sys
2007-04-04 20:55:27 8192 -ra------ C:\WINDOWS\system32\sysinfo.sys
2007-04-04 20:55:27 69632 -ra------ C:\WINDOWS\system32\sw24.exe
2007-04-04 20:55:27 208896 -ra------ C:\WINDOWS\system32\sw20.exe <Not Verified; ; sw20 Application>
2007-04-04 20:55:27 1445888 -ra------ C:\WINDOWS\system32\msicpl.dll <Not Verified; MSI; MSI MsiCpl>
2007-04-04 20:53:51 0 d-------- C:\Program Files\AMD
2007-04-04 20:52:51 0 d-------- C:\Documents and Settings\Define\Application Data\Macromedia
2007-04-04 20:51:20 40448 -----n--- C:\WINDOWS\system32\ChCfg.exe
2007-04-04 20:51:20 208896 -----n--- C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Update Application for Realtek AC'97>
2007-04-04 20:51:20 139264 -----n--- C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing Tool>
2007-04-04 20:50:50 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-04 20:50:49 28672 -----n--- C:\WINDOWS\system32\UnLAN.exe
2007-04-04 20:50:49 35587 -----n--- C:\WINDOWS\system32\rmlan.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2007-04-04 20:50:49 34307 -----n--- C:\WINDOWS\system32\drivers\Install.EXE <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2007-04-04 20:50:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-04 20:50:47 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-04 20:50:36 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-04-04 20:49:52 0 d-------- C:\WINDOWS\system32\appmgmt
2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\Templates
2007-04-04 20:41:45 0 dr------- C:\Documents and Settings\Define\Start Menu
2007-04-04 20:41:45 0 dr-h----- C:\Documents and Settings\Define\SendTo
2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\PrintHood
2007-04-04 20:41:45 2621440 --ah----- C:\Documents and Settings\Define\NTUSER.DAT
2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\NetHood
2007-04-04 20:41:45 0 dr------- C:\Documents and Settings\Define\My Documents
2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\Local Settings
2007-04-04 20:41:45 0 d-------- C:\Documents and Settings\Define\ff_temp
2007-04-04 20:41:45 0 dr------- C:\Documents and Settings\Define\Favorites
2007-04-04 20:41:45 0 d-------- C:\Documents and Settings\Define\Desktop
2007-04-04 20:41:45 0 d--hs---- C:\Documents and Settings\Define\Cookies
2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\Application Data
2007-04-04 20:41:45 0 d-------- C:\Documents and Settings\Define\Application Data\Mozilla
2007-04-04 20:41:45 0 d-------- C:\Documents and Settings\Define\7zS1873.tmp
2007-04-04 20:40:46 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-04-04 20:40:46 0 d-------- C:\WINDOWS\Prefetch
2007-04-04 20:40:45 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-04-04 20:40:45 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-04-04 20:40:45 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-04-04 20:40:45 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-04-04 20:40:45 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-04-04 20:40:30 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-04-04 20:40:30 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-04-04 20:40:30 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-04-04 20:40:30 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-04-04 20:40:30 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-04-04 20:39:17 262144 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-04-04 20:38:50 2806 --a------ C:\WINDOWS\mozver.dat
2007-04-04 20:38:49 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla
2007-04-04 20:38:44 0 d-------- C:\Documents and Settings\Default User\ff_temp
2007-04-04 20:38:40 0 d-------- C:\Documents and Settings\Default User\7zS1873.tmp
2007-04-04 20:37:53 0 -rahs---- C:\MSDOS.SYS
2007-04-04 20:37:53 0 -rahs---- C:\IO.SYS
2007-04-04 20:37:53 0 --a------ C:\CONFIG.SYS
2007-04-04 20:37:53 0 --a------ C:\AUTOEXEC.BAT
2007-04-04 20:36:59 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-04-04 20:36:51 0 dr------- C:\WINDOWS\Offline Web Pages
2007-04-04 20:36:51 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-04 20:36:40 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-04 20:36:37 0 d-------- C:\Program Files\Online Services
2007-04-04 20:36:24 0 d-------- C:\WINDOWS\system32\DirectX
2007-04-04 20:35:59 0 d---s---- C:\WINDOWS\Tasks
2007-04-04 20:35:58 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-04 20:35:55 0 d-------- C:\WINDOWS\system32\Macromed
2007-04-04 20:35:55 0 d-------- C:\WINDOWS\srchasst
2007-04-04 20:35:48 0 d-------- C:\Program Files\Movie Maker
2007-04-04 20:35:42 0 d-------- C:\WINDOWS\system32\Restore
2007-04-04 20:35:09 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-04 20:34:58 0 d-------- C:\WINDOWS\Registration
2007-04-04 20:32:47 0 d-------- C:\Program Files\MSN Messenger
2007-04-04 20:32:32 956688 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Calculator Plus>
2007-04-04 20:32:23 342528 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-04 20:32:23 0 d-------- C:\Program Files\Windows NT
2007-04-04 20:32:22 753664 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-04 20:32:22 420352 --a------ C:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-04 20:32:20 0 d-------- C:\WINDOWS\system32\MsDtc
2007-04-04 20:32:19 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2007-04-04 21:27:27 62 --ahs---- C:\Documents and Settings\Define\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"SW20"="C:\\WINDOWS\\system32\\sw20.exe"
"SW24"="C:\\WINDOWS\\system32\\sw24.exe"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
"KernelFaultCheck"="C:\\WINDOWS\\system32\\dumprep 0 -k"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="\"C:\\Program Files\\AIM\\aim.exe\" -cnetwait.odl"
"Steam"="\"d:\\steam\\steam.exe\" -silent"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Uniblue SpeedUpMyPC"="\"C:\\Program Files\\Uniblue\\SpeedUpMyPC\\SpeedUpMyPC.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnsc"="C:\\WINDOWS\\system32\\msnsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoSaveSettings"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoSaveSettings"=dword:00000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-05-04 at 15:35:57 ---------

Logfile of HijackThis v1.99.1
Scan saved at 3:35:20 PM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Define\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Define.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Attached Files
File Type: txt extra.txt (6.0 KB, 1 views)
Old 05-04-2007, 08:36 PM   #4 (permalink)
Registered User
 
Join Date: May 2007
Posts: 21
OS: XP


Re: do this log please

bump""
Old 05-05-2007, 06:56 AM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: do this log please

I'm not seeing any malware in these logs. We'll try a general cleaning and try again to get an online scan to complete to see if anything is revealed.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

******************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

(Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe )

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note for Internet Explorer 7 users**

If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.


--------------------------------------------------------------------

Run a new scan with HijackThis 1.99.1 and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Kaspersky results
New HijackThis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 05-05-2007, 03:45 PM   #6 (permalink)
Registered User
 
Join Date: May 2007
Posts: 21
OS: XP


Re: do this log please

HERE WE ARE

Logfile of HijackThis v1.99.1
Scan saved at 4:43:24 PM, on 5/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

KASPERSKY ONLINE SCANNER REPORT
Saturday, May 05, 2007 4:42:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/05/2007
Kaspersky Anti-Virus database records: 313671
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 40716
Number of viruses found 1
Number of infected objects 1 / 0
Number of suspicious objects 0
Duration of the scan process 00:26:20

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Define\Application Data\Webroot\Spy Sweeper\Logs\070505151738.ses Object is locked skipped
C:\Documents and Settings\Define\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Define\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Define\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Define\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Define\Local Settings\History\History.IE5\MSHist012007050520070506\index.dat Object is locked skipped
C:\Documents and Settings\Define\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Define\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Define\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE02A20C4-77F8-45BD-9DE5-E0D6FDF6CE6B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE03DF8DC-0E3D-466A-B524-F32B4F81962B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE2A67843-1DF0-4A88-A3CD-2E03ABB933F9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE32FCA54-1230-4A3D-BF79-E7D4FC5DC459.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE5990061-8EC9-47C7-ABBC-CDBC38D6A114.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE90CC429-1703-42EC-A12B-ED754C69AEEB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSED7A172E-FB12-4372-B2B5-A32517779AAA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEE305425-3703-4D73-98D4-27408B42F261.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF35E249E-889C-4011-A5EC-897C82396630.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF726B010-8FA3-473E-9843-7EDD8852198A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF8E307E8-B4BA-4221-BAF1-D87633D0B36A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFA883215-2B27-4DE6-A847-0FA3541B26EA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFC20B89C-B8F1-466F-B303-ED4534E8C0AF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
Scan process completed.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:15:18 PM 5/5/2007

+ Scan result:



C:\Documents and Settings\Define\My Documents\download\definecs\Windows Genuine in 5 seconds\Windows Genuine in 5 seconds\Genuine_In_5_sec\Windows Toolkit.zip/windowsxp_keygen.exe -> Trojan.Small.edz : Cleaned with backup (quarantined).


::Report end