#1 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 25
OS: XP
|
do this log please
My computer has begun to skip in one of my games called Counter-Strike and my computer has slowed down a little bit, so here's the HijackThis log. I couldn't get the Panda thing to work.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:48:20 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Define\Desktop\HiJackThis_v2\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5021 bytes
#2 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,530
OS: WinXP and Vista
|
Re: do this log please
The log you've posted is the beta version of HijackThis and is still under development. Please refer to this thread: TrendMicro's HijackThis version2 Beta

Then please follow the instructions in the (Updated!) IMPORTANT - Read This Before Posting A Log thread and post the requested logs in your next reply. We prefer to use v.1.99.1 still. Please do this, and allow Deckard's System Scanner to download, install and run HJT v.1.99.1.

One of our Security Analysts will review your logs as soon as possible. While reading through our 5-Step Process, please note the 'bumping rules'.
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 25
OS: XP
|
Re: do this log please
THIS IS THE GOOD ONE
The Panda scanner is not letting me scan because it's not downloading the ActiveX but I did though...

Deckard's System Scanner v20070426.43
Run by Define on 2007-05-04 at 15:34:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
44: 2007-05-04 14:34:24 UTC - RP44 - Deckard's System Scanner Restore Point
43: 2007-05-03 22:24:31 UTC - RP43 - System Checkpoint
42: 2007-05-02 21:25:48 UTC - RP42 - System Checkpoint
41: 2007-05-01 20:03:54 UTC - RP41 - System Checkpoint
40: 2007-04-30 19:44:39 UTC - RP40 - System Checkpoint

-- First Restore Point --
1: 2007-04-04 19:42:19 UTC - RP1 - Installed Microsoft Office Professional Edition 2003

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Define.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:35:20 PM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Define\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Define.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R3 cmudaxu (C-Media USB Sound Interface) - c:\windows\system32\drivers\cmudaxu.sys <Not Verified; C-Media Inc; C-Media USB Audio Driver (WDM)> S3 AC97ALI (Service for AC'97 Driver (WDM)) - c:\windows\system32\drivers\ali55wdm.sys <Not Verified; ULi Corporation; ULi M5455 Audio Controller WDM Driver> S3 cpuz126 - c:\docume~1\define\locals~1\temp\cpuz.sys (file missing) S3 GMSIPCI - e:\install\gmsipci.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler> -- Scheduled Tasks ------------------------------------------------------------- 2007-05-03 19:55:57 268 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job 2007-05-03 19:55:56 386 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job -- Files created between 2007-04-04 and 2007-05-04 ----------------------------- 2007-05-04 15:31:09 0 d-------- C:\Program Files\SpywareBlaster 2007-05-03 22:49:44 0 dr-h----- C:\Documents and Settings\Define\Recent 2007-05-03 22:32:20 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot 2007-05-03 22:25:10 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-05-03 20:12:59 0 d-------- C:\Program Files\Uniblue 2007-05-03 19:55:58 0 d-------- C:\Documents and Settings\Define\Application Data\Uniblue 2007-04-27 18:02:13 0 d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic 2007-04-26 21:09:56 0 d-------- C:\Program Files\BitLord 2007-04-26 14:41:45 0 d-------- C:\Program Files\LimeWire 2007-04-25 13:57:31 0 d-------- C:\Program Files\Windows Media Connect 2 2007-04-25 13:56:24 0 d-------- C:\WINDOWS\system32\LogFiles 2007-04-25 13:56:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF 2007-04-25 13:47:17 0 d-------- C:\WINDOWS\network 
diagnostic 2007-04-25 13:30:26 592 --a------ C:\WINDOWS\chgkey.vbs 2007-04-22 20:57:16 0 d--h----- C:\WINDOWS\system32\GroupPolicy 2007-04-16 15:47:35 119056 --a------ C:\WINDOWS\system32\reg_c3.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System> 2007-04-16 15:47:34 1017545 --a------ C:\WINDOWS\system32\cpuz.exe <Not Verified; CPUID; CPU-Z Application> 2007-04-16 15:47:30 0 d-------- C:\Program Files\CEVO 2007-04-16 15:28:21 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat 2007-04-16 03:00:18 0 d-------- C:\WINDOWS\system32\DllCache 2007-04-16 00:03:41 0 d-------- C:\Program Files\Common Files\Scanner 2007-04-16 00:03:41 0 d-------- C:\Program Files\ComcastToolbar 2007-04-16 00:03:40 0 d-------- C:\Documents and Settings\Define\Application Data\ComcastToolbar 2007-04-16 00:01:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2007-04-14 14:44:28 0 d-------- C:\Program Files\support.com 2007-04-14 14:44:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Support.com 2007-04-14 13:42:06 0 d-------- C:\Program Files\SystemRequirementsLab 2007-04-14 13:42:00 0 d-------- C:\Documents and Settings\Define\Application Data\SystemRequirementsLab 2007-04-14 13:41:52 0 d-------- C:\WINDOWS\Sun 2007-04-14 13:41:52 0 d-------- C:\Documents and Settings\Define\Application Data\Sun 2007-04-14 10:10:47 0 d-------- C:\Documents and Settings\Define\Incomplete 2007-04-14 10:10:38 0 d-------- C:\Documents and Settings\Define\Application Data\LimeWire 2007-04-14 10:07:39 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2007-04-14 10 57 0 d-------- C:\Documents and Settings\Define\Application Data\Leadertech2007-04-14 00:02:35 0 d-------- C:\Program Files\Java 2007-04-14 00:02:29 0 d-------- C:\Program Files\Common Files\Java 2007-04-13 23:58:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2007-04-13 23:58:09 0 d-------- C:\Documents and 
Settings\Define\Application Data\Azureus 2007-04-10 15:38:29 0 d-------- C:\WINDOWS\system32\NtmsData 2007-04-09 17:07:10 0 d-------- C:\WINDOWS\system32\Lang 2007-04-09 17:07:10 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM> 2007-04-07 21:27:15 0 d-------- C:\Documents and Settings\Define\Application Data\teamspeak2 2007-04-07 00:17:01 0 d-------- C:\Documents and Settings\Define\Application Data\vlc 2007-04-07 00:16:13 0 d-------- C:\Program Files\VideoLAN 2007-04-06 11:04:12 0 d-------- C:\Program Files\MSXML 4.0 2007-04-05 23:58:13 0 d--h----- C:\WINDOWS\$hf_mig$ 2007-04-05 23:56:57 0 d---s---- C:\Documents and Settings\Define\UserData 2007-04-04 23:32:20 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2007-04-04 23:01:54 0 d-------- C:\Documents and Settings\Define\Application Data\WinRAR 2007-04-04 22:44:39 0 d-------- C:\Documents and Settings\Define\Application Data\Xfire 2007-04-04 22:44:38 0 d---s---- C:\Program Files\Xfire 2007-04-04 22:37:14 0 d-------- C:\Documents and Settings\Define\Application Data\Ventrilo 2007-04-04 22:36:36 0 d-------- C:\Program Files\Ventrilo 2007-04-04 22:36:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-04-04 22:20:02 0 d-------- C:\Documents and Settings\Define\Application Data\Aim 2007-04-04 22:18:53 0 d-------- C:\Program Files\Viewpoint 2007-04-04 22:18:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-04-04 22:18:50 0 d-------- C:\Program Files\AIM 2007-04-04 22:18:08 0 d-------- C:\Program Files\CCleaner 2007-04-04 21:27:53 0 d--hs---- C:\WINDOWS\Installer 2007-04-04 21:27:52 0 dr------- C:\Program Files 2007-04-04 21:27:52 0 d-------- C:\Program Files\Common Files\ODBC 2007-04-04 21:27:38 69120 --a------ C:\WINDOWS\NOTEPAD.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\Default 
User\Templates 2007-04-04 21:27:27 0 dr------- C:\Documents and Settings\Default User\Start Menu 2007-04-04 21:27:27 0 dr-h----- C:\Documents and Settings\Default User\SendTo 2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\Default User\Recent 2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\Default User\PrintHood 2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\Default User\NetHood 2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\Default User\My Documents 2007-04-04 21:27:27 0 dr-h----- C:\Documents and Settings\Default User\Local Settings 2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\Default User\Favorites 2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\Default User\Desktop 2007-04-04 21:27:27 0 d---s---- C:\Documents and Settings\Default User\Cookies 2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\All Users\Templates 2007-04-04 21:27:27 0 dr------- C:\Documents and Settings\All Users\Start Menu 2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\All Users\Favorites 2007-04-04 21:27:27 0 dr------- C:\Documents and Settings\All Users\Documents 2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\All Users\Desktop 2007-04-04 21:25:10 0 d-------- C:\WINDOWS\system32\CatRoot2 2007-04-04 21:25:10 0 d-------- C:\WINDOWS\system32\CatRoot 2007-04-04 21:25:04 0 dr-h----- C:\Documents and Settings\Default User\Application Data 2007-04-04 21:25:04 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft 2007-04-04 21:25:04 0 dr-h----- C:\Documents and Settings\All Users\Application Data 2007-04-04 21:25:04 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft 2007-04-04 21:23:05 63488 --a------ C:\WINDOWS\system32\drivers\ali55wdm.sys <Not Verified; ULi Corporation; ULi M5455 Audio Controller WDM Driver> 2007-04-04 21:23:05 9728 --a------ C:\WINDOWS\system32\ali55prp.dll <Not Verified; ALi Corporation; ALi M5455 Audio Controller Property Page> 2007-04-04 
21:22:56 0 d--hs---- C:\System Volume Information 2007-04-04 21:22:56 0 d-------- C:\Documents and Settings 2007-04-04 21:21:32 0 d-------- C:\D 2007-04-04 21:18:43 0 d-------- C:\WINDOWS 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\WinSxS 2007-04-04 21:18:43 0 dr------- C:\WINDOWS\Web 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\twain_32 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\wins 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\wbem 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\usmt 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\spool 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\ShellExt 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\Setup 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\ras 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\PreInstall 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\oobe 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\npp 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\mui 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\inetsrv 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\IME 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\icsxml 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\ias 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\export 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\drivers 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\drivers\etc 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\drivers\disdn 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\dhcp 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\config 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\3com_dmi 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\3076 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\2052 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1054 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1042 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1041 2007-04-04 21:18:43 0 d-------- 
C:\WINDOWS\system32\1037 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1033 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1031 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1028 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1025 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\SoftwareDistribution 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\security 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Resources 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\repair 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Provisioning 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\PeerNet 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\pchealth 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\mui 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\msapps 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\msagent 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Media 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\java 2007-04-04 21:18:43 0 d--h----- C:\WINDOWS\inf 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\ime 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Help 2007-04-04 21:18:43 0 dr--s---- C:\WINDOWS\Fonts 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\ehome 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Driver Cache 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Debug 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Cursors 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Connection Wizard 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Config 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\AppPatch 2007-04-04 21:18:43 0 d-------- C:\WINDOWS\addins 2007-04-04 21:15:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot 2007-04-04 21:15:16 0 d-------- C:\Program Files\Webroot 2007-04-04 21:15:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot 2007-04-04 21:14:34 0 d-------- C:\Documents and Settings\Define\Application Data\Webroot 2007-04-04 21:11:00 0 d-------- C:\Program Files\mIRC 2007-04-04 21:08:12 0 --a------ C:\WINDOWS\nsreg.dat 2007-04-04 21:02:43 
53 --a------ C:\biosinfo 2007-04-04 20:57:57 1391296 -ra------ C:\WINDOWS\system32\drivers\cmudaxu.sys <Not Verified; C-Media Inc; C-Media USB Audio Driver (WDM)> 2007-04-04 20:57:57 98304 -ra------ C:\WINDOWS\system32\cmudau.dll <Not Verified; C-Media; C-Media cmuda.dll> 2007-04-04 20:57:57 16384 -ra------ C:\WINDOWS\system32\cmpropu.dll <Not Verified; C-Media Corporation; CMI8738/CMI9738/CMI9739 Audio Device> 2007-04-04 20:57:57 241664 -ra------ C:\WINDOWS\system32\cmdrvrmu.exe <Not Verified; C-Media Corporation; CmiRemoveDriver Application> 2007-04-04 20:57:57 45056 -ra------ C:\WINDOWS\system32\cmdrvrmu.dll 2007-04-04 20:57:57 712704 -ra------ C:\WINDOWS\system32\a3dpropu.dll <Not Verified; Sensaura Ltd; Sensaura> 2007-04-04 20:57:57 61440 -ra------ C:\WINDOWS\system\cmsnxeye.exe <Not Verified; ; CmSNXeye Application> 2007-04-04 20:57:57 315392 -ra------ C:\WINDOWS\system\cmifltr.dll <Not Verified; C-Media Electronics Inc.; C-Media CmiFltr> 2007-04-04 20:57:57 917504 -ra------ C:\WINDOWS\system\cmds3du.dll <Not Verified; C-Media Electronics Inc.; C-Media Cmids3d> 2007-04-04 20:57:54 40960 -r------- C:\WINDOWS\CmiUSB2Uninstall.exe <Not Verified; ; CmiUSBUninstall Application> 2007-04-04 20:57:49 0 d-------- C:\Program Files\Steel Sound 5H USB 2007-04-04 20:55:29 0 d-------- C:\WINDOWS\nview 2007-04-04 20:55:28 114688 -ra------ C:\WINDOWS\system32\sysinfo.dll <Not Verified; Crystal Dew World; SysInfo> 2007-04-04 20:55:27 200704 -ra------ C:\WINDOWS\system32\WinSys.exe <Not Verified; ; DOT Application> 2007-04-04 20:55:27 9728 -ra------ C:\WINDOWS\system32\sysinfoX64.sys 2007-04-04 20:55:27 8192 -ra------ C:\WINDOWS\system32\sysinfo.sys 2007-04-04 20:55:27 69632 -ra------ C:\WINDOWS\system32\sw24.exe 2007-04-04 20:55:27 208896 -ra------ C:\WINDOWS\system32\sw20.exe <Not Verified; ; sw20 Application> 2007-04-04 20:55:27 1445888 -ra------ C:\WINDOWS\system32\msicpl.dll <Not Verified; MSI; MSI MsiCpl> 2007-04-04 20:53:51 0 d-------- C:\Program Files\AMD 2007-04-04 
20:52:51 0 d-------- C:\Documents and Settings\Define\Application Data\Macromedia 2007-04-04 20:51:20 40448 -----n--- C:\WINDOWS\system32\ChCfg.exe 2007-04-04 20:51:20 208896 -----n--- C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Update Application for Realtek AC'97> 2007-04-04 20:51:20 139264 -----n--- C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing Tool> 2007-04-04 20:50:50 0 d-------- C:\WINDOWS\system32\ReinstallBackups 2007-04-04 20:50:49 28672 -----n--- C:\WINDOWS\system32\UnLAN.exe 2007-04-04 20:50:49 35587 -----n--- C:\WINDOWS\system32\rmlan.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> 2007-04-04 20:50:49 34307 -----n--- C:\WINDOWS\system32\drivers\Install.EXE <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> 2007-04-04 20:50:49 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-04-04 20:50:47 0 d-------- C:\Program Files\Common Files\InstallShield 2007-04-04 20:50:36 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2007-04-04 20:49:52 0 d-------- C:\WINDOWS\system32\appmgmt 2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\Templates 2007-04-04 20:41:45 0 dr------- C:\Documents and Settings\Define\Start Menu 2007-04-04 20:41:45 0 dr-h----- C:\Documents and Settings\Define\SendTo 2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\PrintHood 2007-04-04 20:41:45 2621440 --ah----- C:\Documents and Settings\Define\NTUSER.DAT 2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\NetHood 2007-04-04 20:41:45 0 dr------- C:\Documents and Settings\Define\My Documents 2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\Local Settings 2007-04-04 20:41:45 0 d-------- C:\Documents and Settings\Define\ff_temp 2007-04-04 20:41:45 0 dr------- C:\Documents and Settings\Define\Favorites 2007-04-04 20:41:45 0 d-------- C:\Documents and Settings\Define\Desktop 2007-04-04 20:41:45 
0 d--hs---- C:\Documents and Settings\Define\Cookies 2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\Application Data 2007-04-04 20:41:45 0 d-------- C:\Documents and Settings\Define\Application Data\Mozilla 2007-04-04 20:41:45 0 d-------- C:\Documents and Settings\Define\7zS1873.tmp 2007-04-04 20:40:46 0 d---s---- C:\WINDOWS\system32\Microsoft 2007-04-04 20:40:46 0 d-------- C:\WINDOWS\Prefetch 2007-04-04 20:40:45 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT 2007-04-04 20:40:45 0 d--h----- C:\Documents and Settings\LocalService\Local Settings 2007-04-04 20:40:45 0 d--hs---- C:\Documents and Settings\LocalService\Cookies 2007-04-04 20:40:45 0 d-------- C:\Documents and Settings\LocalService\Application Data 2007-04-04 20:40:45 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft 2007-04-04 20:40:30 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT 2007-04-04 20:40:30 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings 2007-04-04 20:40:30 0 d---s---- C:\Documents and Settings\NetworkService\Cookies 2007-04-04 20:40:30 0 d-------- C:\Documents and Settings\NetworkService\Application Data 2007-04-04 20:40:30 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft 2007-04-04 20:39:17 262144 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT 2007-04-04 20:38:50 2806 --a------ C:\WINDOWS\mozver.dat 2007-04-04 20:38:49 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla 2007-04-04 20:38:44 0 d-------- C:\Documents and Settings\Default User\ff_temp 2007-04-04 20:38:40 0 d-------- C:\Documents and Settings\Default User\7zS1873.tmp 2007-04-04 20:37:53 0 -rahs---- C:\MSDOS.SYS 2007-04-04 20:37:53 0 -rahs---- C:\IO.SYS 2007-04-04 20:37:53 0 --a------ C:\CONFIG.SYS 2007-04-04 20:37:53 0 --a------ C:\AUTOEXEC.BAT 2007-04-04 20:36:59 0 d--hs---- C:\Documents and Settings\All Users\DRM 2007-04-04 20:36:51 0 dr------- 
C:\WINDOWS\Offline Web Pages 2007-04-04 20:36:51 0 d---s---- C:\WINDOWS\Downloaded Program Files 2007-04-04 20:36:40 0 d--h----- C:\Program Files\WindowsUpdate 2007-04-04 20:36:37 0 d-------- C:\Program Files\Online Services 2007-04-04 20:36:24 0 d-------- C:\WINDOWS\system32\DirectX 2007-04-04 20:35:59 0 d---s---- C:\WINDOWS\Tasks 2007-04-04 20:35:58 0 d-------- C:\Program Files\Common Files\MSSoap 2007-04-04 20:35:55 0 d-------- C:\WINDOWS\system32\Macromed 2007-04-04 20:35:55 0 d-------- C:\WINDOWS\srchasst 2007-04-04 20:35:48 0 d-------- C:\Program Files\Movie Maker 2007-04-04 20:35:42 0 d-------- C:\WINDOWS\system32\Restore 2007-04-04 20:35:09 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-04-04 20:34:58 0 d-------- C:\WINDOWS\Registration 2007-04-04 20:32:47 0 d-------- C:\Program Files\MSN Messenger 2007-04-04 20:32:32 956688 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Calculator Plus> 2007-04-04 20:32:23 342528 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-04-04 20:32:23 0 d-------- C:\Program Files\Windows NT 2007-04-04 20:32:22 753664 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-04-04 20:32:22 420352 --a------ C:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-04-04 20:32:20 0 d-------- C:\WINDOWS\system32\MsDtc 2007-04-04 20:32:19 0 d-------- C:\WINDOWS\system32\Com -- Find3M Report --------------------------------------------------------------- 2007-04-04 21:27:27 62 --ahs---- C:\Documents and Settings\Define\Application Data\desktop.ini -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SoundMan"="SOUNDMAN.EXE" "NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="\"nwiz.exe\" /install" "SW20"="C:\\WINDOWS\\system32\\sw20.exe" "SW24"="C:\\WINDOWS\\system32\\sw24.exe" "NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd" "KernelFaultCheck"="C:\\WINDOWS\\system32\\dumprep 0 -k" "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "AIM"="\"C:\\Program Files\\AIM\\aim.exe\" -cnetwait.odl" "Steam"="\"d:\\steam\\steam.exe\" -silent" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Uniblue SpeedUpMyPC"="\"C:\\Program Files\\Uniblue\\SpeedUpMyPC\\SpeedUpMyPC.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\ 53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\ 65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\ 79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00 "tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\ 33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "msnsc"="C:\\WINDOWS\\system32\\msnsc.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoRemoteRecursiveEvents"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoInternetIcon"=dword:00000000 "ClearRecentDocsOnExit"=dword:00000001 "NoLowDiskSpaceChecks"=dword:00000001 "NoSaveSettings"=dword:00000000 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoInternetIcon"=dword:00000000 "ClearRecentDocsOnExit"=dword:00000001 "NoLowDiskSpaceChecks"=dword:00000001 "NoSaveSettings"=dword:00000000 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 -- End of Deckard's System Scanner: finished at 2007-05-04 at 15:35:57 --------- Logfile of HijackThis v1.99.1 Scan saved at 3:35:20 PM, on 5/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\RunDll32.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Documents and Settings\Define\Desktop\dss.exe C:\PROGRA~1\HIJACK~1\Define.exe 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe" O4 - Startup: Xfire.lnk = 
C:\Program Files\Xfire\xfire.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe |
|
|
|
|
#5 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,530
OS: WinXP and Vista
|
Re: do this log please
I'm not seeing any malware in these logs. We'll try a general cleaning and try again to get an online scan to complete to see if anything is revealed.
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
******************************************************
Download AVG Anti Spyware
Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"
--------------------------------------------------------------------
Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).
(Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe )
--------------------------------------------------------------------
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Log in with your usual account.
Make sure to close any open browsers.
--------------------------------------------------------------------
*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.
--------------------------------------------------------------------
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
--------------------------------------------------------------------
Reboot into Normal Mode.
--------------------------------------------------------------------
Please perform an online scan with Internet Explorer at Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.
**Note for Internet Explorer 7 users** If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
--------------------------------------------------------------------
Run a new scan with HijackThis 1.99.1 and save the log.
--------------------------------------------------------------------
Please include the following in your next reply:
AVG Anti-Spyware results
Kaspersky results
New HijackThis log |
|
|
|
|
#6 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 25
OS: XP
|
Re: do this log please
HERE WE ARE
Logfile of HijackThis v1.99.1
Scan saved at 4:43:24 PM, on 5/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. 
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 05, 2007 4:42:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/05/2007
Kaspersky Anti-Virus database records: 313671
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer A:\ C:\ D:\ E:\
Scan Statistics
Total number of scanned objects 40716
Number of viruses found 1
Number of infected objects 1 / 0
Number of suspicious objects 0
Duration of the scan process 00:26:20
Infected Object Name Virus Name Last Action
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
Scan process completed.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:15:18 PM 5/5/2007
+ Scan result:
C:\Documents and Settings\Define\My Documents\download\definecs\Windows Genuine in 5 seconds\Windows Genuine in 5 seconds\Genuine_In_5_sec\Windows Toolkit.zip/windowsxp_keygen.exe -> Trojan.Small.edz : Cleaned with backup (quarantined).
::Report end
#7
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,530
OS: WinXP and Vista
Re: do this log please
Hi,
Kaspersky is only reporting the presence of C:\Program Files\mIRC\mirc.exe ------>Client-IRC.Win32.mIRC.62

As long as you installed that yourself, it's nothing to be concerned about and certainly is not causing the issues you've described.

As your problem does not appear to be malware related, I would suggest you begin a thread in the Gaming Section and see if the folks there can help you out.