Tech Support Forum
Resolved HJT Threads: resolved spyware and popup issues.
#21
Registered User
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2
Results
OK, here's the Kaspersky scan log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 04, 2007 5:07:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/03/2007
Kaspersky Anti-Virus database records: 275813
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 44057
Number of viruses found: 1
Number of infected objects: 6 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:14:27

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Admin\Application Data\SlySoft\AnyDVD\AnyDVD.chk Object is locked skipped
C:\Documents and Settings\Admin\Application Data\Webroot\Spy Sweeper\Logs\070304125854.ses Object is locked skipped
C:\Documents and Settings\Admin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\BCGB.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DFC6FE.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\ntuser.dat Object is locked skipped
C:\Documents and Settings\Admin\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.reph Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.repi Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.rept Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.reph Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.repi Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.rept Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.reph Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.repi Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.rept Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS000F35D8-EB13-412E-AD90-AF07165D23B3.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS002AD893-E43E-4FD6-9EFE-BB4FDC23E457.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS0080D16D-1F45-486A-8CF8-60D7B65CD35F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS01CDFAB4-AA55-4F6C-8906-5B319AC1D0CB.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS05C9D2CE-D905-4EC5-BA77-6989C178C400.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS083B574E-8D1E-413F-BE8A-FF3ADD200D24.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS0D986863-06A4-4567-8F99-747AF15FB8DE.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS0E4BCBD0-A8EB-4EE9-91A2-6C88730659F0.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS10DC97F8-41D4-4697-9957-8EE7F7D52F31.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS15FA6124-EEC8-4337-8B94-A1D876E2EC9C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS201EC072-3F3D-4D3F-811B-ACFD2B926581.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS2488C41F-3F21-4C2F-8F52-BE936202368C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS28FCE2BA-B22A-4138-AB15-7A40D458561C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS2AB225EF-FACD-42CE-8A83-09317DD63575.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS2D323687-700A-49F6-99AF-876BB696954D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS33C4AF34-AB27-4F9D-AECA-C7EB4652445B.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS373F8316-8C8A-47D7-AB51-2F33C93B74CF.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS37A8B58E-CF45-4F4D-9EF5-4C81BBD60672.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS39B309F7-E57C-42C3-8691-091081526E79.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS3EE2726F-FCAB-4D76-9F4A-F4E31365E3DA.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS4414AEE0-5556-47CC-A28A-787EC9D27CEA.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS4555E565-D43B-4991-88FC-280A80ED2B44.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS473A8270-0633-4B57-A3A1-727C882D6AFA.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS47A855A5-DBE5-4D0A-82CC-07AE30660910.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS4ACEA231-C426-4A7D-A3BD-6BFA56D41664.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS52505073-2D4B-455B-89A9-B7649FCF27D3.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS52886A02-7DAC-49C8-BE27-8E452F352B5D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS5C382A31-CAC0-4FF6-BD62-46FD43CC2E5E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS5EA918F5-7671-4C25-AC0B-98B45AC2541D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS615BFC62-3513-47FD-ADC2-F8E8D060AF95.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS6371590D-AE06-4A0D-BA93-5B9A27C36206.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS6AA3CB32-B0B0-4A93-9DCF-5E98D4969EE4.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS6AC1F519-0949-49F5-A36B-678437FC7818.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS6DEA2412-5956-426C-AD34-895DEDB48FD7.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS6EF3EB28-86AB-4D44-A7EB-DB4EFF9EF33F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS76BEC271-096C-46EC-9B1B-E474188CF323.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS7A40F2FA-7FFF-4F12-814A-4407B493DAA0.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS7D31B7C2-6A20-4BBC-AACF-C6D0E112F26A.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS80805546-2581-477A-8300-956EBF591AF7.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS80D4AF6F-23C5-460D-A879-5B9A75005D7A.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS824D7B37-E97D-4C36-8D96-5F523FD0AD0F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS881C7E10-7EEC-41E6-B750-B65C54439BFC.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS891B04E8-4E51-4FFD-9698-CE8D6373D741.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS89D46056-C63D-4DB3-A9C7-EEF5EE7D28BF.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS8A0D5AEA-C802-43F0-8BB1-A3AEE65AA925.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS8A8FD53B-A951-4FC2-B2A9-F187E06EFD15.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS8FB147D0-594E-4F1D-9934-4527C1968B16.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS907EEB49-36DA-482D-B159-ED213E87706D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS91B98809-BD54-41DA-8BBF-C9B1D9588669.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS923FE0B4-E104-4612-A13E-4B740DB07051.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS92605960-A8D6-4B12-92A4-D4EBCCCABD5C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS92BFD893-C722-4057-A033-AA84F5DC9DB5.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS93D7D0AA-0C99-4284-9D6D-1F9C54471019.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS94BC49E6-7B8F-46EE-BA21-98451A8ABA2D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS97260C7A-1A70-4DBC-A694-8C6C88E45DAB.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS98C9820B-5E12-448E-BAEE-0BC08C4D0C1F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS9A0DBF5D-A02A-4F3D-8753-3A7A971850A2.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS9A804AF2-64A1-4B42-8AA9-A184B936E554.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSA1E1F2DA-6E2C-4D4C-B370-66966FCB08CB.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSA25982DB-C15F-4B61-9A04-229809AA46EC.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSA6BD6A47-8B4E-4EE1-BA96-9717DADDCF94.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSABA82E8A-8751-445A-84FD-EB271DA1C38E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSACACF848-0742-4CD1-8C5C-B5045103E10F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSB0BE7F42-4C34-40C9-BC6E-52ED7DD53ABA.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSB34BB7D0-26B3-4476-AC8F-C41D397AD91E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSBE6C9508-67B3-438D-85D0-F2299492F9CD.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSC6661F42-E307-4B61-9BD4-C170567D25B2.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSC6BC058C-ECE8-41C6-9741-C1DB0D0C9330.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD1DA0FE4-B25E-4DF5-86A3-89446F4CD350.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD5B09021-C83A-43F1-9405-9B0D50AD9871.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD61D111E-03A9-4B09-B3F8-9D724481E16D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD6DCD233-7411-4457-A80F-5BF80C0E9E4D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD7AFABEC-2F8F-4531-B8AC-2EFF3F6BEC9E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSDC351209-9DDD-4F33-8CAD-8C653C212A7C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSDC715B47-2E25-4E1A-89F1-4F889FF52EBA.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSDEAA5924-D895-45A9-9DAC-81EDD92CB633.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSDEDA535C-169F-401F-8927-61D91A520909.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSE1F9CBB9-6EF5-4865-BC49-82FD6544BC8C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSE5640414-EA8B-4D0C-9B11-4C5133D691D0.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSE712B712-D66B-4B99-AAE3-1F0A49089B04.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSEA508645-9A17-4423-B788-3D6231F08059.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSEE15279E-90F9-4015-AC4F-C386B0BEAE92.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSEF24DCE7-4531-4136-BE85-776F794743AF.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSEF366DEF-457D-4703-8D58-8E44A531B5BA.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF03D264A-E01A-42DB-A7DB-6BC040CFE6BF.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF81688CB-EE70-4B62-912A-9A059EE37C42.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF92AB412-32C3-4885-B915-B0AF151F9D79.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF9EA5922-F7ED-4D42-87E9-FFA9712A30A2.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSFE84DFAD-F285-45E4-98A0-7CC947448EFC.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSFF9E8A7C-1D86-4C75-B8CE-C04D110F2A7A.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSFFE8F2DC-4774-4945-99BA-7BF29FD111EA.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\applog.log Object is locked skipped
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\pktlog.log Object is locked skipped
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\seclog.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46D322A0-EAC6-45A4-8F05-A822C0EF4FA5}\RP3\A0003297.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{46D322A0-EAC6-45A4-8F05-A822C0EF4FA5}\RP3\A0003311.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{46D322A0-EAC6-45A4-8F05-A822C0EF4FA5}\RP3\A0003311.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{46D322A0-EAC6-45A4-8F05-A822C0EF4FA5}\RP3\A0003311.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{46D322A0-EAC6-45A4-8F05-A822C0EF4FA5}\RP3\A0003311.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{46D322A0-EAC6-45A4-8F05-A822C0EF4FA5}\RP3\A0003315.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{46D322A0-EAC6-45A4-8F05-A822C0EF4FA5}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

New ComboScan:

ComboScan v20070226.18 run by Admin on 2007-03-04 at 17:08:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Admin.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:09:26 PM, on 3/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\unBlackList.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Admin\Desktop\comboscan.exe
C:\DOCUME~1\Admin\Desktop\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Surf the Web at your own risk!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µnBlackList] "C:\Program Files\SlySoft\AnyDVD\unBlackList.exe"
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134841150578
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

-- Files created between 2007-02-04 and 2007-03-04 ------------------------------

2007-03-04 15:45:37 0 d-------- C:\WINDOWS\LastGood
2007-03-02 18:36:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-03-02 16:40:27 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-02 16:40:18 0 d-------- C:\Program Files\Grisoft
2007-02-28 18:10:31 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-28 18:10:31 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-28 18:10:31 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-28 18:10:29 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-28 18:10:29 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-28 18:10:26 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-27 16:55:53 0 d-------- C:\CloneDVDTemp<CLONED~1>
2007-02-27 16:53:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Elaborate Bytes<ELABOR~1>
2007-02-27 16:53:04 0 d-------- C:\Documents and Settings\Admin\Application Data\SlySoft
2007-02-26 18 05 1826 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-26 16:49:31 0 d-------- C:\Documents and Settings\Administrator.USER-856C1D9BFD\Application Data\Webroot
2007-02-26 16:47:51 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Webroot
2007-02-26 16:22:59 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-26 16:22:59 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-26 16:22:59 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-26 16:22:59 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-26 16:21:58 0 d-------- C:\Program Files\Webroot
2007-02-26 16:21:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2007-02-26 16:19:32 0 d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2007-02-19 16:23:55 0 d-------- C:\Program Files\Acoustica Beatcraft<ACOUST~1>
2007-02-19 14:05:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic<MEDIAP~1>
2007-02-19 14:03:57 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-02-19 14:03:55 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-02-19 14:03:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
2007-02-19 14:03:55 0 d-------- C:\Documents and Settings\Admin\Application Data\Real
2007-02-19 13:02:12 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound<NCHSWI~1>
2007-02-18 17:29:46 225280 --a------ C:\WINDOWS\system32\rewire.dll
2007-02-18 17:29:46 0 d-------- C:\Program Files\VstPlugins<VSTPLU~1>
2007-02-18 11:57:05 0 d-------- C:\Documents and Settings\Admin\Application Data\NCH Swift Sound<NCHSWI~1>
2007-02-18 11:56:07 0 d-------- C:\Program Files\NCH Swift Sound<NCHSWI~1>
2007-02-16 18:05:41 0 d-------- C:\Documents and Settings\Admin\Application Data\Azureus
2007-02-16 18:05:21 0 d-------- C:\Program Files\Azureus
2007-02-13 20:52:01 86016 --a------ C:\WINDOWS\unvise32.exe
2007-02-12 19:09:44 0 d-------- C:\Program Files\Avi2Dvd
2007-02-07 17:27:19 0 d-------- C:\My Downloads<MYDOWN~1>
2007-02-04 20:13:26 126976 --a------ C:\WINDOWS\system32\iavlsp.dll
2007-02-04 19:59:32 0 d-------- C:\Documents and Settings\All
Users.WINDOWS\Application Data\TEMP -- Find3M Report ---------------------------------------------------------------- 2007-03-02 21:19:20 0 d-------- C:\Program Files\Java 2007-03-02 20:27:22 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1> 2007-03-01 18:13:56 0 d-------- C:\Program Files\Yahoo! 2007-03-01 18:13:25 0 d-------- C:\Program Files\XviD 2007-03-01 18:13:15 0 d-------- C:\Program Files\Windows NT<WINDOW~1> 2007-03-01 18:13:09 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4> 2007-03-01 18:12:35 0 d-------- C:\Program Files\SuperTux 2007-03-01 18:10:04 0 d-------- C:\Program Files\SBC Self Support Tool<SBCSEL~1> 2007-03-01 18:09:53 0 d-------- C:\Program Files\Realtek AC97<REALTE~2> 2007-03-01 18:09:38 0 d-------- C:\Program Files\Online Services<ONLINE~1> 2007-03-01 18:09:38 0 d-------- C:\Program Files\OfficeUpdate11<OFFICE~1> 2007-03-01 18:09:00 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1> 2007-03-01 18:04:40 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~3> 2007-03-01 18:04:39 0 d-------- C:\Program Files\Messenger<MESSEN~1> 2007-03-01 18:04:36 0 d-------- C:\Program Files\LimeWire 2007-03-01 18:04:25 0 d-------- C:\Program Files\LexmarkX63<LEXMAR~1> 2007-03-01 18:00:49 0 d-------- C:\Program Files\Hijackthis<HIJACK~1> 2007-03-01 18:00:35 0 d-------- C:\Program Files\DVD Shrink<DVDSHR~1> 2007-03-01 18:00:34 0 d-------- C:\Program Files\DVD Decrypter<DVDDEC~1> 2007-03-01 18:00:33 0 d-------- C:\Program Files\DV TS<DVTS~1> 2007-03-01 18:00:27 0 d-------- C:\Program Files\DivX 2007-03-01 18:00:18 0 d-------- C:\Program Files\DAMN NFO Viewer<DAMNNF~1> 2007-03-01 17:56:36 0 d-------- C:\Program Files\Common Files\Motive 2007-03-01 17:55:24 0 d-------- C:\Program Files\Common Files\Kaspersky Lab<KASPER~1> 2007-03-01 17:54:55 0 d-------- C:\Program Files\CCleaner 2007-03-01 17:53:54 0 d-------- C:\Program Files\AvRack 2007-03-01 17:53:53 0 d-------- C:\Program Files\AviSynth 2.5<AVISYN~1.5> 2007-03-01 17:52:38 0 d-------- 
C:\Program Files\AOD 2007-03-01 17:52:37 0 d-------- C:\Program Files\AIM6 2007-03-01 17:51:20 0 d-------- C:\Program Files\AIM 2007-03-01 17:50:59 0 d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter<ACE-HI~1> 2007-03-01 17:31:37 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent 2007-03-01 17:31:33 0 d-------- C:\Documents and Settings\Admin\Application Data\MSNInstaller<MSNINS~1> 2007-03-01 17:31:33 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla 2007-03-01 17:31:05 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire 2007-03-01 17:30:33 0 d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM 2007-02-23 16:43:28 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-02-18 18:19:23 56314 --a------ C:\Documents and Settings\Admin\Application Data\speech.wav 2007-02-03 15:14:24 335 --a------ C:\WINDOWS\mozregistry.dat<MOZREG~1.DAT> 2007-02-02 21:30:31 0 d-------- C:\Program Files\Common Files\SWF Studio<SWFSTU~1> 2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe 2007-01-21 19:47:39 0 d-------- C:\Program Files\Elaborate Bytes<ELABOR~1> 2007-01-21 19:46:31 0 d-------- C:\Program Files\SlySoft 2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll 2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL> 2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll 2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll 2007-01-08 19:38:04 0 d---s---- C:\Documents and Settings\Admin\Application Data\Microsoft<MICROS~1> 2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll 2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll 2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll 2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll 2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll 2007-01-08 19:02:02 
383488 --a------ C:\WINDOWS\system32\ieapfltr.dll 2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll 2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll 2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll 2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll 2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe 2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll 2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll 2006-12-13 14:24:42 89296 --a------ C:\WINDOWS\system32\ElbyCDIO.dll 2006-12-12 14:15:08 845312 --a------ C:\WINDOWS\system32\Smab.dll -- Registry Dump ---------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "µnBlackList"="\"C:\\Program Files\\SlySoft\\AnyDVD\\unBlackList.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "RaidTool"="\"C:\\Program Files\\VIA\\RAID\\raid_tool.exe\"" "KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize" "PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe" "lxamsp32.exe"="lxamsp32.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\"" "SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] 
"Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Monitor.lnk] "backup"="C:\\WINDOWS\\pss\\Monitor.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\ArcSoft\\MEDIAC~1\\MCCMON~1.EXE -r" "item"="Monitor" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="aim" "hkey"="HKCU" "command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLSoftware" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Language" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\"" "inimapping"="0" 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexStart] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mavenapp://maven.net/nike/jogatv] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NikeJogaTV" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DRIVES~1" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "inimapping"="0" "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SMSystemAnalyzer" "hkey"="HKCU" "command"="\"C:\\Program 
Files\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swdoctor" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeUpdateManager" "hkey"="HKCU" "command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ViewMgr" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="winampa" "hkey"="HKLM" "command"="C:\\Program Files\\Winamp\\winampa.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! 
Pager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="1" "hkey"="HKCU" "command"="1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{C47A9554-195A-4769-9B13-04F15B450A39}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G] Shell\AutoRun\command G:\LaunchU3.exe -a [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac442ae2-864e-11db-82f5-00508d79493f}] Shell\AutoRun\command G:\LaunchU3.exe -a -- End of ComboScan: finished at 2007-03-04 at 17:10:16 ------------------------- |
#22
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,844
OS: WinXP and Vista
Disable SpySweeper and run the regfix again, please. Let me know if you encounter any problems running it.
Run ComboScan once again and post the log here.
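Added example (not code from this thread, from HijackThis or from ComboScan): a small Python triage script of the kind an analyst runs over a log like the one posted above and over the rerun that was just requested. It flags the HijackThis entries worth a second look (an O23 service whose binary is missing, an O20 Winlogon Notify DLL, an O4 Run entry with no absolute path, a ProxyOverride setting, and a cached removable-drive AutoRun command from the MountPoints2 dump), then diffs the "Files created" sections of two ComboScan runs. ComboScan lists files created in the preceding month, so the script treats an entry that only disappears because the window moved (in this thread, iavlsp.dll is listed on 2007-02-04 in the first run and falls outside the second run's window, which starts 2007-02-05) as aged out rather than removed. The sample lines are constructed, abridged from the posted logs; example_removed.tmp is invented to show a real removal, and every flag is a prompt to look closer, not a verdict that the entry is malicious.

```python
"""Triage helpers for HijackThis / ComboScan text logs.

Added example for this thread; not code from the forum, from HijackThis or
from ComboScan. Sample lines below are constructed (abridged from the posted
logs). Every flag is a prompt to look closer, not a verdict.
"""
import re
from dataclasses import dataclass

HJT_LINE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")
# ComboScan "Files created" row: timestamp, size, attribute flags, path,
# optionally followed by the 8.3 short name in angle brackets.
FILE_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attr>[-a-z]{9})\s+(?P<path>.+?)(?:<[^>]+>)?$"
)
AUTORUN = re.compile(r"Shell\\AutoRun\\command\s+\S")   # MountPoints2 dump rows
DRIVE_PATH = re.compile(r"[A-Za-z]:\\")                 # an absolute path like C:\...


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(lines):
    """Return the entries an analyst would read first, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if AUTORUN.search(line):
            findings.append(Finding("MountPoints2",
                                    "cached AutoRun command for a removable drive", line))
            continue
        m = HJT_LINE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O23" and "(file missing)" in body:
            findings.append(Finding(sec, "service registered but its binary is missing", line))
        elif sec == "O20":
            findings.append(Finding(sec, "Winlogon Notify DLL loads into winlogon at logon", line))
        elif sec == "O4" and not DRIVE_PATH.search(body):
            findings.append(Finding(sec, "Run entry without an absolute path (resolved via PATH)", line))
        elif sec == "R1" and "ProxyOverride" in body:
            findings.append(Finding(sec, "proxy bypass list is set; check what it contains", line))
    return findings


def parse_created(lines):
    """Map path -> (timestamp, size) for a '-- Files created' section.
    Rows that do not parse (e.g. two entries run together) are skipped."""
    out = {}
    for raw in lines:
        m = FILE_LINE.match(raw.strip())
        if m:
            out[m.group("path").rstrip()] = (m.group("ts"), int(m.group("size")))
    return out


def diff_runs(old_lines, new_lines, new_window_start):
    """Compare the 'Files created' sections of two runs. ComboScan only lists
    the last month, so an entry older than the new run's window is expected
    to drop out ('aged_out'); any other missing entry is a real change ('gone')."""
    old, new = parse_created(old_lines), parse_created(new_lines)
    aged_out = {p for p, (ts, _) in old.items()
                if p not in new and ts[:10] < new_window_start}
    gone = set(old) - set(new) - aged_out
    added = set(new) - set(old)
    changed = {p for p in set(old) & set(new) if old[p] != new[p]}
    return {"aged_out": sorted(aged_out), "gone": sorted(gone),
            "added": sorted(added), "changed": sorted(changed)}


# Constructed samples. example_removed.tmp is invented to show a file that
# vanished inside the window; the other rows are abridged from the thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G] Shell\AutoRun\command G:\LaunchU3.exe -a
""".strip().splitlines()

RUN_2007_03_04 = r"""
2007-03-04 15:45:37 0 d-------- C:\WINDOWS\LastGood
2007-03-02 18:36:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-02-26 18:05:00 1826 --a------ C:\WINDOWS\system32\example_removed.tmp
2007-02-04 20:13:26 126976 --a------ C:\WINDOWS\system32\iavlsp.dll
""".strip().splitlines()

RUN_2007_03_05 = r"""
2007-03-04 15:45:37 0 d-------- C:\WINDOWS\LastGood
2007-03-02 18:36:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.section:12} {f.reason}: {f.line}")
    for bucket, paths in diff_runs(RUN_2007_03_04, RUN_2007_03_05, "2007-02-05").items():
        print(bucket, paths)
```

The "aged_out" bucket is the point of the window check: without it, every entry from the first day of the earlier run shows up as a removal on the rerun, which is noise that hides the real "gone" and "added" entries. The diff works on the "Files created" rows only; Find3M rows have the same shape and can be fed to parse_created the same way if you want to compare those too.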
#23
Registered User
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2
OK, here's the new ComboScan log:
ComboScan v20070226.18 run by Admin on 2007-03-05 at 13:07:48 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Admin.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 1:08:01 PM, on 3/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SlySoft\AnyDVD\unBlackList.exe C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe C:\Program Files\LexmarkX63\ACMonitor_X63.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Documents and Settings\Admin\Desktop\comboscan.exe C:\DOCUME~1\Admin\Desktop\Admin.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Surf the Web at your own risk! 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe" O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [µnBlackList] "C:\Program Files\SlySoft\AnyDVD\unBlackList.exe" O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! 
&SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134841150578 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. 
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- Files created between 2007-02-05 and 2007-03-05 ------------------------------ 2007-03-04 15:45:37 0 d-------- C:\WINDOWS\LastGood 2007-03-02 18:36:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1> 2007-03-02 16:40:27 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-03-02 16:40:18 0 d-------- C:\Program Files\Grisoft 2007-02-28 18:10:31 79360 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-02-28 18:10:31 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-02-28 18:10:31 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-02-28 18:10:29 40960 --a------ C:\WINDOWS\system32\swsc.exe 2007-02-28 18:10:29 135168 --a------ C:\WINDOWS\system32\swreg.exe 2007-02-28 18:10:26 53248 --a------ C:\WINDOWS\system32\Process.exe 2007-02-27 16:55:53 0 d-------- C:\CloneDVDTemp<CLONED~1> 2007-02-27 16:53:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Elaborate Bytes<ELABOR~1> 2007-02-27 16:53:04 0 d-------- C:\Documents and Settings\Admin\Application Data\SlySoft 2007-02-26 18 05 1826 --a------ C:\WINDOWS\system32\tmp.reg2007-02-26 16:49:31 0 d-------- C:\Documents and Settings\Administrator.USER-856C1D9BFD\Application Data\Webroot 2007-02-26 16:47:51 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Webroot 2007-02-26 16:22:59 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-02-26 16:22:59 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys 2007-02-26 16:22:59 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys 2007-02-26 16:22:59 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys 2007-02-26 16:21:58 0 d-------- C:\Program Files\Webroot 2007-02-26 16:21:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot 2007-02-26 16:19:32 0 d-------- C:\Documents and Settings\Admin\Application Data\Webroot 2007-02-19 16:23:55 0 d-------- C:\Program Files\Acoustica Beatcraft<ACOUST~1> 2007-02-19 
14:05:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic<MEDIAP~1> 2007-02-19 14:03:57 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1> 2007-02-19 14:03:55 0 d-------- C:\Program Files\Real Alternative<REALAL~1> 2007-02-19 14:03:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real 2007-02-19 14:03:55 0 d-------- C:\Documents and Settings\Admin\Application Data\Real 2007-02-19 13:02:12 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound<NCHSWI~1> 2007-02-18 17:29:46 225280 --a------ C:\WINDOWS\system32\rewire.dll 2007-02-18 17:29:46 0 d-------- C:\Program Files\VstPlugins<VSTPLU~1> 2007-02-18 11:57:05 0 d-------- C:\Documents and Settings\Admin\Application Data\NCH Swift Sound<NCHSWI~1> 2007-02-18 11:56:07 0 d-------- C:\Program Files\NCH Swift Sound<NCHSWI~1> 2007-02-16 18:05:41 0 d-------- C:\Documents and Settings\Admin\Application Data\Azureus 2007-02-16 18:05:21 0 d-------- C:\Program Files\Azureus 2007-02-13 20:52:01 86016 --a------ C:\WINDOWS\unvise32.exe 2007-02-12 19:09:44 0 d-------- C:\Program Files\Avi2Dvd 2007-02-07 17:27:19 0 d-------- C:\My Downloads<MYDOWN~1> -- Find3M Report ---------------------------------------------------------------- 2007-03-02 21:19:20 0 d-------- C:\Program Files\Java 2007-03-02 20:27:22 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1> 2007-03-01 18:13:56 0 d-------- C:\Program Files\Yahoo! 
2007-03-01 18:13:25 0 d-------- C:\Program Files\XviD 2007-03-01 18:13:15 0 d-------- C:\Program Files\Windows NT<WINDOW~1> 2007-03-01 18:13:09 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4> 2007-03-01 18:12:35 0 d-------- C:\Program Files\SuperTux 2007-03-01 18:10:04 0 d-------- C:\Program Files\SBC Self Support Tool<SBCSEL~1> 2007-03-01 18:09:53 0 d-------- C:\Program Files\Realtek AC97<REALTE~2> 2007-03-01 18:09:38 0 d-------- C:\Program Files\Online Services<ONLINE~1> 2007-03-01 18:09:38 0 d-------- C:\Program Files\OfficeUpdate11<OFFICE~1> 2007-03-01 18:09:00 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1> 2007-03-01 18:04:40 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~3> 2007-03-01 18:04:39 0 d-------- C:\Program Files\Messenger<MESSEN~1> 2007-03-01 18:04:36 0 d-------- C:\Program Files\LimeWire 2007-03-01 18:04:25 0 d-------- C:\Program Files\LexmarkX63<LEXMAR~1> 2007-03-01 18:00:49 0 d-------- C:\Program Files\Hijackthis<HIJACK~1> 2007-03-01 18:00:35 0 d-------- C:\Program Files\DVD Shrink<DVDSHR~1> 2007-03-01 18:00:34 0 d-------- C:\Program Files\DVD Decrypter<DVDDEC~1> 2007-03-01 18:00:33 0 d-------- C:\Program Files\DV TS<DVTS~1> 2007-03-01 18:00:27 0 d-------- C:\Program Files\DivX 2007-03-01 18:00:18 0 d-------- C:\Program Files\DAMN NFO Viewer<DAMNNF~1> 2007-03-01 17:56:36 0 d-------- C:\Program Files\Common Files\Motive 2007-03-01 17:55:24 0 d-------- C:\Program Files\Common Files\Kaspersky Lab<KASPER~1> 2007-03-01 17:54:55 0 d-------- C:\Program Files\CCleaner 2007-03-01 17:53:54 0 d-------- C:\Program Files\AvRack 2007-03-01 17:53:53 0 d-------- C:\Program Files\AviSynth 2.5<AVISYN~1.5> 2007-03-01 17:52:38 0 d-------- C:\Program Files\AOD 2007-03-01 17:52:37 0 d-------- C:\Program Files\AIM6 2007-03-01 17:51:20 0 d-------- C:\Program Files\AIM 2007-03-01 17:50:59 0 d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter<ACE-HI~1> 2007-03-01 17:31:37 0 d-------- C:\Documents and Settings\Admin\Application 
Data\uTorrent 2007-03-01 17:31:33 0 d-------- C:\Documents and Settings\Admin\Application Data\MSNInstaller<MSNINS~1> 2007-03-01 17:31:33 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla 2007-03-01 17:31:05 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire 2007-03-01 17:30:33 0 d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM 2007-02-23 16:43:28 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-02-18 18:19:23 56314 --a------ C:\Documents and Settings\Admin\Application Data\speech.wav 2007-02-03 15:14:24 335 --a------ C:\WINDOWS\mozregistry.dat<MOZREG~1.DAT> 2007-02-02 21:30:31 0 d-------- C:\Program Files\Common Files\SWF Studio<SWFSTU~1> 2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe 2007-01-21 19:47:39 0 d-------- C:\Program Files\Elaborate Bytes<ELABOR~1> 2007-01-21 19:46:31 0 d-------- C:\Program Files\SlySoft 2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll 2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL> 2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll 2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll 2007-01-08 19:38:04 0 d---s---- C:\Documents and Settings\Admin\Application Data\Microsoft<MICROS~1> 2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll 2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll 2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll 2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll 2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll 2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll 2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll 2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll 2007-01-08 19:01:14 17408 --a------ 
C:\WINDOWS\system32\corpol.dll 2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll 2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe 2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-12-27 10:46:06 126976 --a------ C:\WINDOWS\system32\iavlsp.dll 2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll 2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll 2006-12-13 14:24:42 89296 --a------ C:\WINDOWS\system32\ElbyCDIO.dll 2006-12-12 14:15:08 845312 --a------ C:\WINDOWS\system32\Smab.dll -- Registry Dump ---------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "µnBlackList"="\"C:\\Program Files\\SlySoft\\AnyDVD\\unBlackList.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "RaidTool"="\"C:\\Program Files\\VIA\\RAID\\raid_tool.exe\"" "KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize" "PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe" "lxamsp32.exe"="lxamsp32.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\"" "SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\"" 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Monitor.lnk] "backup"="C:\\WINDOWS\\pss\\Monitor.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\ArcSoft\\MEDIAC~1\\MCCMON~1.EXE -r" "item"="Monitor" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="aim" "hkey"="HKCU" "command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLSoftware" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Language" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexStart] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\mavenapp://maven.net/nike/jogatv] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NikeJogaTV" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DRIVES~1" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "inimapping"="0" "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SMSystemAnalyzer" "hkey"="HKCU" "command"="\"C:\\Program Files\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" 
"item"="swdoctor" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeUpdateManager" "hkey"="HKCU" "command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ViewMgr" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="winampa" "hkey"="HKLM" "command"="C:\\Program Files\\Winamp\\winampa.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="1" "hkey"="HKCU" "command"="1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{C47A9554-195A-4769-9B13-04F15B450A39}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ 
Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G] Shell\AutoRun\command G:\LaunchU3.exe -a [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac442ae2-864e-11db-82f5-00508d79493f}] Shell\AutoRun\command G:\LaunchU3.exe -a -- End of ComboScan: finished at 2007-03-05 at 13:08:41 ------------------------- |
#24
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,844
OS: WinXP and Vista
This entry we've been trying to fix with the regfix is still present on your system. Did you have any trouble with the regfix?

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C47A9554-195A-4769-9B13-04F15B450A39}"=""

Download ComboFix and save it to your desktop.
**Note: It is important that it is saved directly to your desktop**

Close any open browsers.

Double-click on combofix.exe and follow the prompts. When finished, it shall produce a log for you.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Post the ComboFix.txt in your next reply.
#25
Registered User
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2
I didn't have problems with the regfix. I thought it worked. Here is the ComboFix log:
"Admin" - 07-03-06 9:22:41 Service Pack 2 ComboFix 07-03-05.2_PreRelease - Running from: "C:\Documents and Settings\Admin\Desktop" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\hosts ((((((((((((((((((((((((((((((( Files Created from 2007-02-06 to 2007-03-06 )))))))))))))))))))))))))))))))))) 2007-03-06 08:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SlySoft 2007-03-06 08:30 <DIR> d-------- C:\Program Files\AC3Filter 2007-03-06 08:19 <DIR> d-------- C:\Program Files\GSpot 2007-03-05 18:23 <DIR> d-------- C:\Program Files\PeerGuardian2 2007-03-05 17:09 86,016 --a------ C:\WINDOWS\unvise32.exe 2007-03-02 18:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-03-02 16:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-02-28 18:10 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-02-28 18:10 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-02-28 18:10 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-02-28 18:10 40,960 --a------ C:\WINDOWS\system32\swsc.exe 2007-02-28 18:10 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-02-28 18:10 135,168 --a------ C:\WINDOWS\system32\swreg.exe 2007-02-28 17:05 86,016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll 2007-02-28 14:56 15,440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys 2007-02-27 16:55 <DIR> d-------- C:\CloneDVDTemp 2007-02-27 16:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Elaborate Bytes 2007-02-27 16:53 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\SlySoft 2007-02-26 18:06 1,826 --a------ C:\WINDOWS\system32\tmp.reg 2007-02-26 17:57 281,652 --ahs---- C:\WINDOWS\system32\vtsqp.dll.vir 2007-02-26 16:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1.USE\APPLIC~1\Webroot 2007-02-26 16:47 <DIR> d-------- C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\Webroot 2007-02-26 16:22 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys 2007-02-26 16:22 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-02-26 
16:22 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys 2007-02-26 16:22 144,448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys 2007-02-26 16:21 <DIR> d-------- C:\Program Files\Webroot 2007-02-26 16:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Webroot 2007-02-26 16:19 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Webroot 2007-02-19 16:23 <DIR> d-------- C:\Program Files\Acoustica Beatcraft 2007-02-19 14:05 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Media Player Classic 2007-02-19 14:03 <DIR> d-------- C:\Program Files\Real Alternative 2007-02-19 14:03 <DIR> d-------- C:\Program Files\Media Player Classic 2007-02-19 14:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Real 2007-02-19 14:03 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Real 2007-02-19 13:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\NCH Swift Sound 2007-02-18 17:29 225,280 --a------ C:\WINDOWS\system32\rewire.dll 2007-02-18 17:29 <DIR> d-------- C:\Program Files\VstPlugins 2007-02-18 11:57 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\NCH Swift Sound 2007-02-18 11:56 <DIR> d-------- C:\Program Files\NCH Swift Sound 2007-02-16 18:05 <DIR> d-------- C:\Program Files\Azureus 2007-02-16 18:05 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Azureus 2007-02-12 19:09 <DIR> d-------- C:\Program Files\Avi2Dvd 2007-02-07 17:27 <DIR> d-------- C:\My Downloads (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-03-06 09:02 -------- d-------- C:\DOCUME~1\Admin\APPLIC~1\limewire 2007-03-05 20:07 -------- d-------- C:\Program Files\avisynth 2.5 2007-03-05 17:09 -------- d-------- C:\Program Files\lexmarkx63 2007-03-02 21:19 -------- d-------- C:\Program Files\java 2007-03-01 18:13 -------- d-------- C:\Program Files\yahoo! 
2007-03-01 18:13 -------- d-------- C:\Program Files\xvid 2007-03-01 18:13 -------- d-------- C:\Program Files\windows nt 2007-03-01 18:13 -------- d-------- C:\Program Files\windows media connect 2 2007-03-01 18:12 -------- d-------- C:\Program Files\supertux 2007-03-01 18:10 -------- d-------- C:\Program Files\sbc self support tool 2007-03-01 18:09 -------- d-------- C:\Program Files\realtek ac97 2007-03-01 18:09 -------- d-------- C:\Program Files\online services 2007-03-01 18:09 -------- d-------- C:\Program Files\officeupdate11 2007-03-01 18:09 -------- d-------- C:\Program Files\movie maker 2007-03-01 18:04 -------- d-------- C:\Program Files\microsoft activesync 2007-03-01 18:04 -------- d-------- C:\Program Files\messenger 2007-03-01 18:04 -------- d-------- C:\Program Files\limewire 2007-03-01 18:00 -------- d-------- C:\Program Files\dvd shrink 2007-03-01 18:00 -------- d-------- C:\Program Files\dvd decrypter 2007-03-01 18:00 -------- d-------- C:\Program Files\dv ts 2007-03-01 18:00 -------- d-------- C:\Program Files\divx 2007-03-01 18:00 -------- d-------- C:\Program Files\damn nfo viewer 2007-03-01 17:56 -------- d-------- C:\Program Files\Common Files\motive 2007-03-01 17:55 -------- d-------- C:\Program Files\Common Files\kaspersky lab 2007-03-01 17:54 -------- d-------- C:\Program Files\ccleaner 2007-03-01 17:53 -------- d-------- C:\Program Files\avrack 2007-03-01 17:52 -------- d-------- C:\Program Files\aod 2007-03-01 17:52 -------- d-------- C:\Program Files\aim6 2007-03-01 17:51 -------- d-------- C:\Program Files\aim 2007-03-01 17:50 -------- d-------- C:\Program Files\ace-high mp3 wav wma ogg converter 2007-03-01 17:31 -------- d-------- C:\DOCUME~1\Admin\APPLIC~1\utorrent 2007-03-01 17:31 -------- d-------- C:\DOCUME~1\Admin\APPLIC~1\msninstaller 2007-03-01 17:31 -------- d-------- C:\DOCUME~1\Admin\APPLIC~1\mozilla 2007-03-01 17:30 -------- d-------- C:\DOCUME~1\Admin\APPLIC~1\adobeum 2007-02-23 16:43 -------- d--h----- C:\Program 
Files\installshield installation information 2007-02-18 18:19 56314 --a------ C:\DOCUME~1\Admin\APPLIC~1\speech.wav 2007-02-03 15:14 335 --a------ C:\WINDOWS\mozregistry.dat 2007-02-02 21:30 -------- d-------- C:\Program Files\Common Files\swf studio 2007-01-21 19:47 -------- d-------- C:\Program Files\elaborate bytes 2007-01-21 19:46 -------- d-------- C:\Program Files\slysoft 2007-01-08 19:38 -------- d---s---- C:\DOCUME~1\Admin\APPLIC~1\microsoft 2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll 2006-12-27 10:46 126976 --a------ C:\WINDOWS\system32\iavlsp.dll 2006-12-12 14:15 845312 --a------ C:\WINDOWS\system32\smab.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "µnBlackList"="C:\\Program Files\\SlySoft\\AnyDVD\\unBlackList.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "RaidTool"="\"C:\\Program Files\\VIA\\RAID\\raid_tool.exe\"" "KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize" "PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\"" "LexStart"="" "lxamsp32.exe"="lxamsp32.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" 
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Monitor.lnk] "backup"="C:\\WINDOWS\\pss\\Monitor.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\ArcSoft\\MEDIAC~1\\MCCMON~1.EXE -r" "item"="Monitor" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="aim" "hkey"="HKCU" "command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLSoftware" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Language" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexStart] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" 
"item"="qttask" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mavenapp://maven.net/nike/jogatv] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NikeJogaTV" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DRIVES~1" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "inimapping"="0" "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SMSystemAnalyzer" "hkey"="HKCU" "command"="\"C:\\Program Files\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\Spyware Doctor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swdoctor" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeUpdateManager" "hkey"="HKCU" "command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ViewMgr" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="winampa" "hkey"="HKLM" "command"="C:\\Program Files\\Winamp\\winampa.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="1" "hkey"="HKCU" "command"="1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{C47A9554-195A-4769-9B13-04F15B450A39}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 
NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G] Shell\AutoRun\command G:\LaunchU3.exe -a [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac442ae2-864e-11db-82f5-00508d79493f}] Shell\AutoRun\command G:\LaunchU3.exe -a Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Disk Cleanup.job ******************************************************************** catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-03-06 9:25:59 |
#26
Registered User
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2
All this "fixing" has really messed up my system. I can't uninstall some programs in Add/Remove; it tells me that there's an error loading a module, and that there's a problem with ctor.dll. Also, I lost sound when trying to play DivX movies. I haven't done anything on my PC besides following your directions. What should I do?
#27
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,844
OS: WinXP and Vista
The only fixing I've had you do is with the direct Vundo-related files and reg entry. You performed a lot of 'fixing' on your own prior to, and earlier in, this thread.

What programs are you trying to uninstall? When is the last time you noticed that the sound was working?
#28
Registered User
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2
Well, the sound I figured out; I guess I was missing a codec or it got deleted. I installed the K-Lite pack. As for uninstalling, programs like PowerDVD won't uninstall, something about a ctor.dll, and I never mess with DLLs. I wonder if it was due to a scan. It's not a big issue; I can go on without that for a while. I don't have anything I want to uninstall anymore, really. I just want this trojan and stuff gone and to be free of it.
#29
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,844
OS: WinXP and Vista
I'm going to send you in to get that registry entry:

Click START... RUN... and type in regedit. Make sure just "My Computer" is showing in the left pane, click FILE... EXPORT..., and save a copy somewhere in case you make a mistake.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C47A9554-195A-4769-9B13-04F15B450A39}"=

If the above registry keys are giving you problems deleting:

---------------------------------------------------------

Run ComboScan.exe again and post the log here. You may want to inquire in the Windows XP section regarding your issue with PowerDVD.
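As an added example (not part of any post in this thread, and not code from ComboFix, ComboScan or HijackThis): the triage behind the moderator's instruction, written as a PowerShell script. It enumerates the ShellExecuteHooks key that keeps reappearing in the logs, resolves each CLSID to its InprocServer32 DLL under HKCR, and flags a hook whose description is empty and whose DLL is missing, unregistered or unsigned, which is the shape of the `"{C47A9554-...}"=""` entry above next to the legitimately named AVG hook. Removal of a named CLSID happens only after reg.exe has exported a backup of the key, the same safeguard the post asks for with FILE > EXPORT. The CLSID is the one from the thread; the backup path, the function names and the "Suspicious" heuristic are this example's own assumptions, and the removal step must be run from an elevated prompt.

```powershell
# Added example, not code from the thread or from any tool named in it.
# Enumerates Explorer ShellExecuteHooks, resolves each CLSID to its DLL and
# flags entries that look like the orphaned one in the thread; removal runs
# only after reg.exe has written a backup (the post's "FILE > EXPORT").

$HookKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
$HookKeyReg = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'

function Get-ShellExecuteHook {
    $props = Get-ItemProperty -Path $HookKey -ErrorAction SilentlyContinue
    if (-not $props) { return }   # key absent on this build: nothing hooked

    foreach ($name in $props.PSObject.Properties.Name) {
        # Only the {GUID} values are hooks; skip the PSPath/PSParentPath metadata.
        if ($name -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') { continue }

        # A hook CLSID must resolve to an in-process COM server DLL under HKCR.
        $server = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$name\InprocServer32" -ErrorAction SilentlyContinue
        $dll = $null
        if ($server -and $server.'(default)') {
            $dll = [Environment]::ExpandEnvironmentVariables($server.'(default)')
        }

        $status = if ($dll -and (Test-Path -LiteralPath $dll)) {
            (Get-AuthenticodeSignature -FilePath $dll).Status.ToString()   # e.g. Valid, NotSigned
        } elseif ($dll) { 'FileMissing' } else { 'NoClsid' }

        [pscustomobject]@{
            Clsid       = $name
            Description = $props.$name
            Dll         = $dll
            Status      = $status
            # Heuristic (this example's assumption): an empty description plus a
            # missing, unregistered or unsigned DLL is the shape of the entry in
            # the thread, left behind after the DLL itself was removed.
            Suspicious  = ([string]::IsNullOrEmpty($props.$name) -and $status -ne 'Valid')
        }
    }
}

function Remove-ShellExecuteHook {
    param(
        [Parameter(Mandatory)][string]$Clsid,
        [string]$BackupPath = (Join-Path $env:TEMP 'ShellExecuteHooks-backup.reg')   # assumed location
    )
    # Export first, exactly as the post advises, so the change can be reverted.
    & reg.exe export $HookKeyReg $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup to $BackupPath failed; leaving the key untouched." }

    Remove-ItemProperty -Path $HookKey -Name $Clsid -ErrorAction Stop
    "Removed $Clsid; restore with: reg.exe import `"$BackupPath`""
}

Get-ShellExecuteHook | Format-Table Clsid, Description, Status, Suspicious, Dll -AutoSize

# From an elevated prompt, remove the entry discussed in the thread:
# Remove-ShellExecuteHook -Clsid '{C47A9554-195A-4769-9B13-04F15B450A39}'
```

Run the listing first and read it against the log: a hook that resolves to a signed DLL with a real product name (the AVG entry here) is the legitimate case, while an entry with no description and no file behind it is the leftover the regfix failed to clear. The removal function refuses to touch the key if the export fails, so a typo in the path costs nothing.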
#30
Registered User
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2
OK, I will ask XP support, but I'm not that worried. Here's the new ComboScan:
ComboScan v20070226.18 run by Admin on 2007-03-07 at 17:51:40 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Admin.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 5:52:12 PM, on 3/7/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\system32\lxamsp32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SlySoft\AnyDVD\unBlackList.exe C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe C:\Program Files\LexmarkX63\ACMonitor_X63.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Admin\Desktop\comboscan.exe C:\DOCUME~1\Admin\Desktop\Admin.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title 
= Surf the Web at your own risk! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe" O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [µnBlackList] C:\Program Files\SlySoft\AnyDVD\unBlackList.exe O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! 
&SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134841150578 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. 
#31
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,844
OS: WinXP and Vista
Good work on that registry entry--it's gone. Your logs are clean. If there aren't any more malware problems, please continue with these final instructions and helpful links:
Reset hidden/system files and folders Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option. Click Yes to confirm. Click OK.

Enable Windows Auto Update
* Go to Start > Run - type wuaucpl.cpl
* Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify". Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives". Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file; save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD).

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
PC Safety and Security--What Do I Need?
HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.
-----------------------------------------------------
Follow the list above and the potential for infection will reduce dramatically.
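An added read-only audit script, not part of the post above or of any of the tools it names, that checks whether the Explorer view settings, the Automatic Updates schedule and the IE-SPYAD Restricted sites entries from those instructions are actually in effect. It assumes the standard registry locations Windows uses for these settings and that IE-SPYAD adds its domains under the per-user ZoneMap key; the System Restore step has no simple registry check and is left out.

```powershell
# Added audit helper (not from the forum post). Read-only: it reports whether
# the Explorer view settings, Automatic Updates and the IE-SPYAD Restricted
# sites entries recommended in the post are in place. The registry paths are
# the standard Windows ones for these settings (assumed, not taken from the post).

function Get-ExplorerViewState {
    $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $p = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        # Hidden: 1 = show hidden files and folders, 2 = do not show them
        HiddenFilesHidden      = ($p.Hidden -eq 2)
        # HideFileExt: 1 = hide extensions for known file types
        ExtensionsHidden       = ($p.HideFileExt -eq 1)
        # ShowSuperHidden: 1 = show protected operating system files
        ProtectedOsFilesHidden = ($p.ShowSuperHidden -ne 1)
    }
}

function Get-AutoUpdateState {
    # AUOptions: 1 = disabled, 2 = notify before download,
    # 3 = download then notify, 4 = download and install on schedule
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $p = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AUOptions        = $p.AUOptions
        ScheduledInstall = ($p.AUOptions -eq 4)
    }
}

function Get-RestrictedSiteCount {
    # IE-SPYAD adds domains under ZoneMap\Domains with the '*' (or a scheme)
    # value set to 4, the zone number of Restricted sites. Subdomains are
    # nested keys, hence the recursive walk.
    $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if (-not (Test-Path $path)) { return 0 }
    $count = 0
    foreach ($key in Get-ChildItem -Path $path -Recurse) {
        foreach ($name in @('*', 'http', 'https')) {
            if ($key.GetValue($name) -eq 4) { $count++; break }
        }
    }
    return $count
}

function Test-PostInfectionHardening {
    $view  = Get-ExplorerViewState
    $au    = Get-AutoUpdateState
    $sites = Get-RestrictedSiteCount
    # Rough heuristic: the post says IE-SPYAD adds more than 4000 entries,
    # while a hand-maintained Restricted list is usually tiny.
    [pscustomobject]@{
        HiddenFilesReset       = ($view.HiddenFilesHidden -and $view.ExtensionsHidden -and $view.ProtectedOsFilesHidden)
        AutoUpdateScheduled    = $au.ScheduledInstall
        RestrictedSiteEntries  = $sites
        IeSpyadLikelyInstalled = ($sites -ge 1000)
    }
}

Test-PostInfectionHardening | Format-List
```

Run it as the user whose profile was cleaned, since the Explorer and zone settings are per-user while the Automatic Updates value is machine-wide.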