
Hi, thanks for help



#1
vitalia

SmitFraudFix v2.220

Scan done at 17:23:13,90, 2007.09.05
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\main_uninstaller.exe FOUND !
C:\WINDOWS\msmdev.dll FOUND !
C:\WINDOWS\msmhost.dll FOUND !
C:\WINDOWS\nsduo.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1

C:\DOCUME~1\ADMINI~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\ADMINI~1\FAVORI~1\Privacy Protector.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ADMINI~1\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\ADMINI~1\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\ADMINI~1\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


#2
vitalia

Deckard's System Scanner v20070826.66
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.73GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 1022.05 MiB / 680.52 MiB
Pagefile Memory (total/avail): 2457.66 MiB / 2262.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1951.84 MiB

C: is Fixed (NTFS) - 29.29 GiB total, 19.56 GiB free.
D: is Fixed (NTFS) - 63.86 GiB total, 15.47 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9100824A - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 63.86 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SHASHANK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\SHASHANK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=SHASHANK
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY Lingvo 10 First Step (En-Ru-En) --> MsiExec.exe /I{4183F2C2-CD6B-4E77-9EFC-410FE491AC01}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Advanced Uninstaller PRO 2004 - version 6 --> "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2004 version 6\unins000.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Canon i250 --> C:\WINDOWS\system32\CNMCP50.exe "-PRINTERNAMECanon i250" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i250 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0419.dll"
Delta Force: Xtreme --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{961C4925-5B53-4127-969D-1CACF2426C05}\setup.exe" -l0x9
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
K-Lite Codec Pack 2.84 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Office 2003 Russian User Interface Pack --> MsiExec.exe /I{901E0419-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Need for Speed™ Most Wanted --> C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Opera 9.20 --> MsiExec.exe /X{FC0C72DD-A491-43FF-B377-67273E4D94D7}
S.T.A.L.K.E.R. --> "D:\Program Files\GSC World Publishing\S.T.A.L.K.E.R\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
Smart Link 56K Modem --> C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x19 -removeonly
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FF6F491D-BC82-4DCC-A72F-1824957C6466} /l1033
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
WebVideo Support --> C:\WINDOWS\main_uninstaller.exe
Winamp 5.12 --> MsiExec.exe /I{5EF042E2-7F7D-49DA-BFB0-EE2CE566F6DA}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WINRAR Key --> "C:\Program Files\WinRAR\unins000.exe"


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2007-09-05 17:39:20 ------------








Deckard's System Scanner v20070826.66
Run by Administrator on 2007-09-05 17:37:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
50: 2007-09-05 16:37:06 UTC - RP50 - Deckard's System Scanner Restore Point
49: 2007-09-05 11:05:50 UTC - RP49 - Installed Kaspersky Anti-Virus 7.0.
48: 2007-09-04 23:57:40 UTC - RP48 - Restore Operation
47: 2007-09-04 23:28:04 UTC - RP47 - Removed Ad-Aware 2007
46: 2007-09-04 20:09:49 UTC - RP46 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-06-10 16:58:37 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-05 17:38:33
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Most Wanted Edition Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: msmhost - {9478E73D-8BBB-451B-BC4F-A4386106A7B0} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {0D376114-EDF8-4126-93F9-4344A1DBC600} - C:\WINDOWS\msmdev.dll
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - "C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe"
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 UTSCSI (CLCV0) - c:\windows\system32\utscsi.exe <Not Verified; ; UTSCSI Application>

S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_203C161F&REV_19\4&16F6A662&0&00E0
Manufacturer: Marvell
Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_203C161F&REV_19\4&16F6A662&0&00E0
Service: yukonwxp


-- Files created between 2007-08-05 and 2007-09-05 -----------------------------

2007-09-05 17:38:12 0 d-------- C:\WINDOWS\privacy_danger
2007-09-05 17:23:52 1382 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-05 17:22:34 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-09-05 17:22:34 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-09-05 17:22:34 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-05 16:56:01 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-09-05 12:06:22 81549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-05 12:06:22 82061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-05 12:05:57 0 d-------- C:\Program Files\Kaspersky Lab
2007-09-05 12:05:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-05 12:05:55 10784 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-05 12:05:55 1381664 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-05 12:03:10 0 d-------- C:\KAV
2007-09-05 01:30:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2007-09-05 00:49:19 0 d-------- C:\WINDOWS\srchasst
2007-09-05 00:49:19 0 d-------- C:\WINDOWS\system32\xircom
2007-09-05 00:49:19 0 d-------- C:\Program Files\msn gaming zone
2007-09-05 00:49:18 0 d-------- C:\Program Files\microsoft frontpage
2007-09-04 23:48:59 0 d-------- C:\WINDOWS\system32\NtmsData
2007-09-04 14:26:47 253952 --a------ C:\WINDOWS\msmhost.dll <Not Verified; ; msmhost>
2007-09-04 14:26:47 266240 --a------ C:\WINDOWS\msmdev.dll
2007-09-04 14:26:47 50688 --a------ C:\WINDOWS\main_uninstaller.exe
2007-09-04 14:26:46 208896 --a------ C:\WINDOWS\nsduo.dll <Not Verified; ; nsduo>
2007-08-31 21:03:41 0 d-------- C:\Program Files\EA GAMES
2007-08-30 16:52:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Opera
2007-08-30 16:52:37 0 d-------- C:\Program Files\Opera
2007-08-29 14:02:04 0 d-------- C:\Program Files\ABBYY Lingvo 10 First Step
2007-08-29 12:37:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-08-29 02:26:37 0 d-------- C:\Program Files\Innovative Solutions
2007-08-29 00:46:02 0 d-------- C:\WINDOWS\system32\LogFiles
2007-08-27 22:54:14 0 d-------- C:\Program Files\NovaLogic
2007-08-25 16:08:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-08-25 16:05:39 0 d-------- C:\Downloads
2007-08-24 19:40:06 0 d---s---- C:\Documents and Settings\Administrator\UserData
2007-08-24 16:35:19 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-24 11:37:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-08-24 11:27:51 0 d-------- C:\Program Files\Common Files\Motive
2007-08-24 11:27:21 159744 --a------ C:\WINDOWS\system32\ssleay32_1-1-0_DDR.dll
2007-08-24 11:27:20 532594 --a------ C:\WINDOWS\system32\xerces-c_1_40_0_DDR.dll
2007-08-24 11:27:20 524377 --a------ C:\WINDOWS\system32\stlport_4_0_0_DDR.dll
2007-08-24 11:27:20 663552 --a------ C:\WINDOWS\system32\libeay32_1-1-0_DDR.dll
2007-08-24 11:27:20 307329 --a------ C:\WINDOWS\system32\BJBase_2-2-2_DDR.dll <Not Verified; BroadJump, Inc.; >
2007-08-24 11:27:18 0 d-------- C:\Program Files\BroadJump
2007-08-24 11:27:17 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-08-24 09:06:52 1654784 --a------ C:\WINDOWS\system32\W29MLRES.DLL <Not Verified; Intel Corporation; Intel® PRO/Wireless 2915ABG Network Connection>


-- Find3M Report ---------------------------------------------------------------

2007-09-05 14:25:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2007-09-05 02:23:09 0 d-------- C:\Program Files\PowerISO
2007-09-05 00:49:19 0 d-------- C:\Program Files\Windows NT
2007-09-05 00:28:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-27 22:54:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-24 11:17:15 0 d-------- C:\Program Files\Intel
2007-08-04 12:07:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2007-07-10 17:17:12 0 d-------- C:\Program Files\Analog Devices
2007-07-10 17:16:54 0 d-------- C:\Program Files\Common Files\InstallShield
2007-06-17 09:49:04 45056 --a------ C:\WINDOWS\system32\UTSCSI.EXE <Not Verified; ; UTSCSI Application>
2007-06-10 23:08:06 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2007-06-10 17:47:53 3030 --a------ C:\WINDOWS\mozver.dat
2007-06-10 17:45:14 0 -rahs---- C:\MSDOS.SYS
2007-06-10 17:45:14 0 -rahs---- C:\IO.SYS
2007-06-10 17:45:14 0 --a------ C:\CONFIG.SYS
2007-06-10 17:45:14 0 --a------ C:\AUTOEXEC.BAT
2007-06-10 17:42:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88418AA3-16F5-4FC2-A9D8-90B1266DF841}]
2007.09.04 11:00 208896 --a------ C:\WINDOWS\nsduo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005.06.30 10:45]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007.06.28 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006.10.10 11:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
"ATnotes.exe"=C:\Program Files\ATnotes\ATnotes.exe
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo "=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoSaveSettings"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo "=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoSaveSettings"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msmhost"= {9478E73D-8BBB-451B-BC4F-A4386106A7B0} - C:\WINDOWS\msmhost.dll [2007.09.04 11:00 253952]
"msmdev"= {0D376114-EDF8-4126-93F9-4344A1DBC600} - C:\WINDOWS\msmdev.dll [2007.09.04 11:00 266240]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebClient"=2 (0x2)
"TapiSrv"=3 (0x3)
"helpsvc"=2 (0x2)
"Eventlog"=2 (0x2)
"seclogon"=2 (0x2)
"RemoteRegistry"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b359510-1775-11dc-b26d-ff1ad3f3c39e}]
AutoRun\command- I:\USBNB.exe




-- End of Deckard's System Scanner: finished at 2007-09-05 17:39:20 ------------