
undetectable virus


Original Message
Name: behgazi
Date: February 20, 2007 at 04:16:12 Pacific
Subject: undetectable virus
OS: winxp sp1
CPU/Ram: pIII /256mb
Model/Manufacturer: HP
Comment:


This problem is almost 3/4 months old. While doing something, lots of horizontal black lines appear on screen (actually the whole monitor becomes full), and after that when I move the mouse a strange pattern follows, so I have to restart my computer. I was thinking that my monitor's life is nearly finished, so I thought I'll continue with it until I can. But today a friend of mine came and he wanted to do something and the monitor again went like that; he said your system is infected. I ran two different antivirus programs but nothing came up. After that I searched the web and came across your link, and I realized that there are lots of other things happening too (which I didn't notice to be a big deal): shutting off of the computer, changing of the toolbar, etc. So now that I know the problem, can anyone please help me with it?


behgazi




Response Number 1
Name: jabuck
Date: February 20, 2007 at 14:05:44 Pacific
Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "Next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.



Response Number 2
Name: behgazi
Date: February 21, 2007 at 02:56:30 Pacific
Reply:

This is what I got.

Logfile of HijackThis v1.99.1
Scan saved at 9:51:03 PM, on 21/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wwSecure.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAO...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe

behgazi



Response Number 3
Name: jabuck
Date: February 21, 2007 at 03:43:30 Pacific
Reply:

I don't see any viruses or malware in the Hijack This log.

We can look a little deeper with these scans.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please download Comboscan from this link:

Comboscan


Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - ComboScan.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next post.
A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
Please attach Supplementary.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.


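A first pass over a HijackThis log like the one above can be done mechanically before anyone reads it line by line. The following Python is an added example, not part of any poster's reply and not HijackThis's own code: it splits the log into running processes and section-coded entries, then flags entries HijackThis marked "(no file)" or "(file missing)" and processes running from a Temp directory. The sample lines are copied from the logs in this thread; the function names and the three flagging rules are assumptions of this example, and a flag means "look at this by hand", not "infected".

```python
import re
from collections import Counter

# Lines copied from the HijackThis logs posted in this thread (excerpt).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:51:03 PM, on 21/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\DOCUME~1\Naim\LOCALS~1\Temp\~tbogpax.tmp\Naim.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# An entry line is a section code ("R3", "O23"), " - ", then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumed heuristic: a process image located under a Temp directory.
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_hjt(text):
    """Return (processes, entries); entries are (section_code, body) tuples."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            # The first coded entry ends the "Running processes:" block.
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def section_counts(entries):
    """Count entries per section code, e.g. {'O2': 2, 'O23': 2, ...}."""
    return dict(Counter(code for code, _ in entries))


def triage(processes, entries):
    """Return (kind, item) pairs that deserve a manual look."""
    findings = []
    for path in processes:
        if TEMP_RE.search(path):
            findings.append(("temp-process", path))
    for code, body in entries:
        if body.endswith("(no file)"):
            # HijackThis found no file behind this registry entry.
            findings.append(("no-file", f"{code} - {body}"))
        elif body.endswith("(file missing)"):
            # HijackThis could not find the file named in the entry.
            findings.append(("file-missing", f"{code} - {body}"))
    return findings


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    print("entries per section:", section_counts(ents))
    for kind, item in triage(procs, ents):
        print(f"[{kind}] {item}")
```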

Response Number 4
Name: behgazi
Date: February 21, 2007 at 04:00:12 Pacific
Reply:

Following is the report:

SmitFraudFix v2.144

Scan done at 22:57:50.40, Wed 21/02/2007
Run from C:\Documents and Settings\Naim\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Naim


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Naim\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Naim\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

behgazi



Response Number 5
Name: behgazi
Date: February 21, 2007 at 06:48:23 Pacific
Reply:

Combo scan text is here:

ComboScan v20070212.14 run by Naim on 2007-02-22 at 00:33:21
Computer is in Normal Mode.
----------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as Naim.---------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:33:34 AM, on 22/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wwSecure.exe
C:\Documents and Settings\Naim\Desktop\comboscan.exe
C:\DOCUME~1\Naim\LOCALS~1\Temp\~tbogpax.tmp\Naim.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAO...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe


-- File Associat-------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3 cwcspud (Crystal SoundFusion(tm) Driver) - system32\drivers\cwcspud.sys
3 cwcwdm (Crystal SoundFusion(tm) WDM Driver) - system32\drivers\cwcwdm.sys
3 G200 - System32\DRIVERS\G200m.sys
3 k600bus (Sony Ericsson 600i driver (WDM)) - System32\DRIVERS\k600bus.sys
3 k600mdfl (Sony Ericsson 600i USB WMC Modem Filter) - System32\DRIVERS\k600mdfl.sys
3 k600mdm (Sony Ericsson 600i USB WMC Modem Drivers) - System32\DRIVERS\k600mdm.sys
3 k600mgmt (Sony Ericsson 600i USB WMC Device Management Drivers) - System32\DRIVERS\k600mgmt.sys
3 k600obex (Sony Ericsson 600i USB WMC OBEX Interface Drivers) - System32\DRIVERS\k600obex.sys
1 P3 (Intel PentiumIII Processor Driver) - System32\DRIVERS\p3.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - System32\DRIVERS\RTL8139.SYS
0 SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - SYSTEM32\Drivers\SSFS0509.SYS
0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - SYSTEM32\Drivers\SSHRMD.SYS
0 SSIDRV (Spy Sweeper Interdiction Driver) - SYSTEM32\Drivers\SSIDRV.SYS
3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - System32\Drivers\sskbfd.sys
3 usbprint (Microsoft USB PRINTER Class) - System32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - System32\DRIVERS\usbscan.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2 avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
3 avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
3 avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2 LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE
3 SCardDrv (Smart Card Helper) - %SystemRoot%\System32\SCardSvr.exe
2 uploadmgr (Upload Manager) - %SystemRoot%\System32\svchost.exe -k netsvcs
3 usnjsvc (Messenger Sharing Folders USN Journal Reader service) - C:\Program Files\MSN Messenger\usnsvc.exe
2 WebrootSpySweeperService (Webroot Spy Sweeper Engine) - "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
2 WmdmPmSp (Portable Media Serial Number) - %SystemRoot%\System32\svchost.exe -k netsvcs
2 wwSecSvc (Washer Security Access) - C:\WINDOWS\System32\wwSecure.exe


-- Files created between 2007-01-22 and 20----------

2007-02-21 23:55:27 1852 --a------ C:\WINDOWS\System32\d3d9caps.dat
2007-02-21 22:57:56 784 --a------ C:\WINDOWS\System32\tmp.reg
2007-02-21 22:57:27 79360 --a------ C:\WINDOWS\System32\swxcacls.exe<Unsigned: SteelWerX>
2007-02-21 22:57:27 51200 --a------ C:\WINDOWS\System32\dumphive.exe<Unsigned: n/a>
2007-02-21 22:57:26 40960 --a------ C:\WINDOWS\System32\swsc.exe<Unsigned: n/a>
2007-02-21 22:57:26 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe<Unsigned: S!Ri>
2007-02-21 22:57:25 135168 --a------ C:\WINDOWS\System32\swreg.exe<Unsigned: SteelWerX>
2007-02-21 22:57:25 53248 --a------ C:\WINDOWS\System32\Process.exe<Unsigned: http://www.beyondlogic.org>
2007-02-21 21:50:23 0 d-------- C:\Program Files\Hijackthis<HIJACK~1>
2007-02-20 21:29:52 0 d-------- C:\WINDOWS\McAfee.com
2007-02-19 19:51:46 0 d-------- C:\Documents and Settings\Naim\Contacts
2007-02-19 00:59:45 249856 -----n--- C:\WINDOWS\Setup1.exe<Unsigned: Microsoft Corporation>
2007-02-19 00:59:39 73216 --a------ C:\WINDOWS\ST6UNST.EXE<Unsigned: Microsoft Corporation>
2007-02-18 18:26:29 0 d-------- C:\Documents and Settings\LocalService\Temp
2007-02-16 13:47:43 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-02-16 13:15:33 0 d-------- C:\Documents and Settings\Naim\Application Data\Google
2007-02-16 13:11:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-02-16 11:11:49 0 d-------- C:\Program Files\Common Files\Webroot Shared<WEBROO~1>
2007-02-16 11:11:35 57344 --a------ C:\WINDOWS\Unwash6.exe<Unsigned: Webroot Software, Inc.>
2007-02-16 11:11:33 486400 --a------ C:\WINDOWS\System32\wwSecure.exe<Unsigned: Webroot Software, Inc.>
2007-02-16 11:10:14 0 d---s---- C:\Documents and Settings\Naim\UserData
2007-02-16 09:36:31 0 d-------- C:\Documents and Settings\Naim\Application Data\MSN6
2007-02-16 01:58:14 0 d-------- C:\Documents and Settings\Naim\Application Data\Adobe
2007-02-16 01:28:52 2097152 --a------ C:\Documents and Settings\Naim\ntuser.dat
2007-02-16 01:23:20 0 d-------- C:\Documents and Settings\Naim\Application Data\Help
2007-02-15 14:11:03 1740 --a------ C:\WINDOWS\System32\d3d8caps.dat
2007-02-15 12:12:01 0 d-------- C:\Documents and Settings\Naim\Application Data\Webroot
2007-02-14 21:41:52 0 d-a------ C:\Documents and Settings\saima\Application Data\Adobe
2007-02-14 21:35:45 0 d-a------ C:\Documents and Settings\All Users\Application Data\Adobe
2007-02-14 21:14:43 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-14 19:45:26 0 d-------- C:\WINDOWS\MSREMOTE.SFS
2007-02-14 19:38:28 0 d--h----- C:\WINDOWS\System32\GroupPolicy<GROUPP~1>
2007-02-13 22:46:11 40960 --a------ C:\WINDOWS\System32\lxbkvs.dll<Signed: n/a>
2007-02-13 22:46:10 73728 --a------ C:\WINDOWS\System32\lxbkpwr.dll<Signed: Lexmark International, Inc.>
2007-02-13 22:46:08 286720 --a------ C:\WINDOWS\System32\LXBKPMNT.DLL<Signed: Lexmark International, Inc.>
2007-02-13 22:46:07 544768 --a------ C:\WINDOWS\System32\LXBKLSNT.EXE<Signed: Lexmark International, Inc.>
2007-02-13 22:46:06 217088 --a------ C:\WINDOWS\System32\LXBKLCNT.DLL<Signed: Lexmark International, Inc.>
2007-02-13 22:46:05 77824 --a------ C:\WINDOWS\System32\LXBKLCNP.DLL<Signed: n/a>
2007-02-13 22:46:05 86016 --a------ C:\WINDOWS\System32\LXBKIH.EXE<Signed: n/a>
2007-02-13 22:46:03 69632 --a------ C:\WINDOWS\System32\LXBKCU.DLL<Signed: Lexmark International Inc.>
2007-02-13 22:46:03 286720 --a------ C:\WINDOWS\System32\lxbkcomm.dll<Signed: Lexmark International, Inc.>
2007-02-13 22:45:57 126976 --a------ C:\WINDOWS\System32\LXBKCFG.EXE<Signed: Lexmark International, Inc.>
2007-02-13 22:45:55 174592 --a------ C:\WINDOWS\System32\LEXPPS.EXE<Signed: Lexmark International, Inc.>
2007-02-13 22:45:55 155648 --a------ C:\WINDOWS\System32\LEXPING.EXE<Signed: Lexmark International, Inc.>
2007-02-13 22:45:54 201216 --a------ C:\WINDOWS\System32\LEXP2P32.DLL<Signed: Lexmark International, Inc.>
2007-02-13 22:45:53 303104 --a------ C:\WINDOWS\System32\LEXBCES.EXE<Signed: Lexmark International, Inc.>
2007-02-13 22:45:52 147456 --a------ C:\WINDOWS\System32\LEXBCE.DLL<Signed: Lexmark International, Inc.>
2007-02-13 22:45:52 196096 --a------ C:\WINDOWS\System32\LEX2KUSB.DLL<Signed: Lexmark International, Inc.>
2007-02-13 22:45:52 40960 --a------ C:\WINDOWS\System32\INSTMON.EXE<Signed: n/a>
2007-02-13 22:45:42 90112 --a------ C:\WINDOWS\System32\LXBKCUR.DLL<Signed: Lexmark International Inc.>
2007-02-13 22:45:42 192512 --a------ C:\WINDOWS\System32\LEXLMPM.DLL<Signed: Lexmark International, Inc.>
2007-02-13 22:44:54 352256 --a------ C:\WINDOWS\System32\LXBKUTIL.DLL<Signed: Lexmark International Inc.>
2007-02-13 22:44:53 69632 --a------ C:\WINDOWS\System32\lxbkscin.dll<Signed: Lexmark International, Inc.>
2007-02-13 22:44:52 49152 --a------ C:\WINDOWS\System32\lxbkcoin.dll<Signed: Lexmark International, Inc.>
2007-02-13 22:44:52 57344 --a------ C:\WINDOWS\System32\lxbkcinf.dll<Signed: Lexmark International, Inc.>
2007-02-13 22:44:27 454656 --a------ C:\WINDOWS\System32\LXBKJSWR.DLL<Signed: Lexmark International Inc.>
2007-02-13 22:44:26 0 d-------- C:\Program Files\Lexmark X1100 Series<LEXMAR~1>
2007-02-13 22:44:23 299520 --a------ C:\WINDOWS\uninst.exe<Unsigned: InstallShield Corporation, Inc.>
2007-02-13 22:16:29 0 d-a------ C:\Documents and Settings\saima\Application Data\Help
2007-02-13 22:15:26 0 d-a------ C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar<WINDOW~1>
2007-02-13 22:13:33 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-02-13 22:11:55 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-13 16:40:15 0 d---s---- C:\WINDOWS\Copy of Tasks<COPYOF~1>
2007-02-12 22:26:16 0 d--h----- C:\WINDOWS\PIF
2007-02-12 22:11:07 0 d-------- C:\WINDOWS\System32\NtmsData
2007-02-12 18:39:45 36864 --a------ C:\WINDOWS\uneng.exe<Unsigned: n/a>
2007-02-12 18:39:45 22585 --a------ C:\WINDOWS\System32\drivers\cdralw2k.sys<Unsigned: Adaptec>
2007-02-12 18:39:45 52720 --a------ C:\WINDOWS\System32\drivers\cdr4_2k.sys<Unsigned: Adaptec>
2007-02-12 18:39:44 45056 --a------ C:\WINDOWS\System32\cdrtc.dll<Unsigned: Adaptec>
2007-02-12 18:39:44 45056 --a------ C:\WINDOWS\System32\cdral.dll<Unsigned: Adaptec>
2007-02-12 18:37:52 0 d-------- C:\WINDOWS\LastGood
2007-02-12 18:37:12 306688 --a------ C:\WINDOWS\IsUninst.exe<Unsigned: InstallShield Software Corporation>
2007-02-12 09:02:41 0 d-------- C:\Program Files\Sony Ericsson<SONYER~1>
2007-02-12 09:02:41 0 d-a------ C:\Documents and Settings\All Users\Application Data\Sony Ericsson<SONYER~1>
2007-02-12 08:39:30 79248 -ra------ C:\WINDOWS\System32\drivers\k600mgmt.sys<Signed: MCCI>
2007-02-12 08:39:30 6112 -ra------ C:\WINDOWS\System32\drivers\k600cmnt.sys<Signed: MCCI>
2007-02-12 08:39:30 6112 -ra------ C:\WINDOWS\System32\drivers\k600cm.sys<Signed: MCCI>
2007-02-12 08:39:03 77072 -ra------ C:\WINDOWS\System32\drivers\k600obex.sys<Signed: MCCI>
2007-02-12 08:38:27 6096 -ra------ C:\WINDOWS\System32\drivers\k600mdfl.sys<Signed: MCCI>
2007-02-12 08:38:26 87456 -ra------ C:\WINDOWS\System32\drivers\k600mdm.sys<Signed: MCCI>
2007-02-12 08:35:33 5744 -ra------ C:\WINDOWS\System32\drivers\k600whnt.sys<Signed: MCCI>
2007-02-12 08:35:33 5744 -ra------ C:\WINDOWS\System32\drivers\k600wh.sys<Signed: MCCI>
2007-02-12 08:35:33 52384 -ra------ C:\WINDOWS\System32\drivers\k600bus.sys<Signed: MCCI>
2007-02-12 08:35:32 0 d-------- C:\WINDOWS\LastGood.Tmp
2007-02-12 08:31:00 7639 --a------ C:\WINDOWS\extend.dat
2007-02-12 01:16:51 0 d-------- C:\Program Files\Common Files\Teleca Shared<TELECA~1>
2007-02-12 01:15:18 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2>
2007-02-12 01:12:51 354816 --a------ C:\WINDOWS\System32\psisdecd.dll<Signed: n/a>
2007-02-12 01:12:47 733184 --a------ C:\WINDOWS\System32\qedwipes.dll<Signed: n/a>
2007-02-12 01:12:47 1798144 --a------ C:\WINDOWS\System32\qedit.dll<Signed: n/a>
2007-02-12 01:12:47 173056 --a------ C:\WINDOWS\System32\qasf.dll<Signed: n/a>
2007-02-12 01:12:47 13312 --a------ C:\WINDOWS\System32\msdmo.dll<Signed: n/a>
2007-02-12 01:12:46 1962496 --a------ C:\WINDOWS\System32\quartz.dll<Signed: n/a>
2007-02-12 01:12:46 470528 --a------ C:\WINDOWS\System32\qdvd.dll<Signed: n/a>
2007-02-12 01:12:46 316928 --a------ C:\WINDOWS\System32\qdv.dll<Signed: n/a>
2007-02-12 01:12:46 257024 --a------ C:\WINDOWS\System32\qcap.dll<Signed: n/a>
2007-02-12 01:12:46 34304 --a------ C:\WINDOWS\System32\mciqtz32.dll<Signed: n/a>
2007-02-12 01:12:45 132608 --a------ C:\WINDOWS\System32\devenum.dll<Signed: n/a>
2007-02-12 01:12:45 64512 --a------ C:\WINDOWS\System32\amstream.dll<Signed: n/a>
2007-02-12 01:12:43 1703936 --a------ C:\WINDOWS\System32\d3d9.dll<Unsigned: Microsoft Corporation>
2007-02-12 01:12:41 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll<Unsigned: Microsoft Corporation>
2007-02-12 01:08:54 0 d-------- C:\WINDOWS\System32\appmgmt
2007-02-11 22:49:48 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-02-11 22:49:36 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-11 18:50:55 0 d-a------ C:\Documents and Settings\LocalService\Application Data\Webroot
2007-02-11 18:50:51 21056 --a------ C:\WINDOWS\System32\drivers\sskbfd.sys<Signed: Webroot Software Inc (www.webroot.com)>
2007-02-11 18:50:51 144448 --a------ C:\WINDOWS\System32\drivers\ssidrv.sys<Signed: Webroot Software Inc (www.webroot.com)>
2007-02-11 18:50:51 22080 --a------ C:\WINDOWS\System32\drivers\sshrmd.sys<Signed: Webroot Software Inc (www.webroot.com)>
2007-02-11 18:50:51 20544 --a------ C:\WINDOWS\System32\drivers\SSFS0509.sys<Signed: Webroot Software Inc (www.webroot.com)>
2007-02-11 18:50:36 0 d-------- C:\Program Files\Webroot
2007-02-11 18:50:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\Webroot
2007-02-11 18:50:16 164 -----n--- C:\install.dat
2007-02-11 00:55:03 0 d-a------ C:\Documents and Settings\saima\Application Data\GetRightToGo<GETRIG~1>
2007-02-10 20:35:09 0 d-a------ C:\Documents and Settings\saima\Application Data\Webroot
2007-02-10 20:17:18 0 d-a------ C:\Documents and Settings\saima\Application Data\MSN6
2007-02-10 20:17:18 0 d-a------ C:\Documents and Settings\All Users\Application Data\MSN6
2007-02-10 09:44:34 93952 --a------ C:\WINDOWS\System32\drivers\cwcwdm.sys<Signed: Crystal Semiconductor Corp.>
2007-02-10 09:43:59 320384 --a------ C:\WINDOWS\System32\drivers\G200m.sys<Signed: Matrox Graphics Inc.>
2007-02-10 09:43:58 470144 --a------ C:\WINDOWS\System32\G200d.dll<Signed: Matrox Graphics Inc.>
2007-02-10 09:43:42 111872 --a------ C:\WINDOWS\System32\drivers\cwcspud.sys<Signed: Crystal Semiconductor Corp.>
2007-02-10 09:43:42 3584 --a------ C:\WINDOWS\System32\drivers\cwcos.sys<Signed: Crystal Semiconductor Corp.>
2007-02-10 09:43:42 0 d-------- C:\WINDOWS\cwcdata
2007-02-10 09:43:35 23070 --a------ C:\WINDOWS\System32\drivers\RTL8139.sys<Signed: Realtek Semiconductor Corporation >
2007-02-10 09:41:24 0 d-------- C:\Program Files\Common Files\ODBC
2007-02-10 09:41:13 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-02-10 09:41:12 0 dr------- C:\Program Files<PROGRA~1>
2007-02-10 09:40:52 85020 --a------ C:\WINDOWS\System32\dgsetup.dll<Signed: Digi International>
2007-02-10 09:40:52 176157 --a------ C:\WINDOWS\System32\dgrpsetu.dll<Signed: Digi International, Inc.>
2007-02-10 09:40:51 24661 --a------ C:\WINDOWS\System32\spxcoins.dll<Signed: Perle Systems Ltd.>
2007-02-10 09:40:51 103424 --a------ C:\WINDOWS\System32\EqnClass.Dll<Signed: Equinox Systems Inc.>
2007-02-10 09:40:22 0 dra------ C:\Documents and Settings\All Users\Documents<DOCUME~1>
2007-02-10 09:39:49 0 d-------- C:\WINDOWS\System32\CatRoot2
2007-02-10 09:39:49 0 d-------- C:\WINDOWS\System32\CatRoot
2007-02-10 09:39:21 0 d-a------ C:\Documents and Settings<DOCUME~1>
2007-02-10 09:31:27 0 d-------- C:\WINDOWS
2007-02-10 09:31:27 0 d-------- C:\WINDOWS\WinSxS
2007-02-10 09:31:27 0 dr------- C:\WINDOWS\Web
2007-02-10 09:31:27 0 d-------- C:\WINDOWS\twain_32
2007-02-10 09:31:27 0 d-------- C:\WINDOWS\system32
2007-02-10 09:31:27 0 d-------- C:\WINDOWS\System32\wins
2007-02-10 09:31:27 0 d-------- C:\WINDOWS\System32\wbem
2007-02-10 09:31:27 0 d-------- C:\WINDOWS\System32\usmt
2007-02-10 09:31:27 0 d-------- C:\WINDOWS\System32\spool
2007-02-10 09:31:27 0 d-------- C:\WINDOWS\System32\ShellExt
2007-02-10 09:31:27 0 d-------- C:\WINDOWS\System32\Setup
2007-02-10 09:31:27 0 d-------- C:\WINDOWS\System32\ras
2007-02-10 09:31:27 0 d-------- C:\WINDOWS\System32\oobe
2007-02-10 09:31:27 0 d-------- C:\WINDOWS\System32\npp


-- Find3M Re-----------

2007-02-16 02:03:00 0 d-a-s---- C:\Documents and Settings\Naim\Application Data\Microsoft<MICROS~1>
2007-02-15 12:30:05 0 d-------- C:\Documents and Settings\Naim\Application Data\Macromedia<MACROM~1>
2007-02-15 12:11:22 0 d-------- C:\Documents and Settings\Naim\Application Data\Identities<IDENTI~1>
2007-02-10 09:40:22 62 --ahs---- C:\Documents and Settings\Naim\Application Data\desktop.ini
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\System32\sirenacm.dll<Signed: Microsoft Corp.>


-- Registry -----------

-- End of ComboScan: finished at 2007-02-22 at 01:3-

behgazi




Response Number 6
Name: behgazi
Date: February 21, 2007 at 06:49:31 Pacific
Reply:

supplementary text is:


ComboScan v20070212.14 run by Naim on 2007-02-22 at 00:33:21
Supplementary logfile - please post this as an attachment with your post.
----------------------

-- System Informa------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 255.48 MiB / 101.18 MiB
Pagefile Memory (total/avail): 618.38 MiB / 471.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 2007.25 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 9.41 GiB total, 5.96 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Ce---------

AUOptions is disabled.
AUState says computer has updates disabled.
Windows Internal Firewall is unknown.

-- Environment Varia---

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Naim\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-LSNL0J2R23
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Naim
LOGONSERVER=\\HOME-LSNL0J2R23
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0803
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Naim\LOCALS~1\Temp
TMP=C:\DOCUME~1\Naim\LOCALS~1\Temp
USERDOMAIN=HOME-LSNL0J2R23
USERNAME=Naim
USERPROFILE=C:\Documents and Settings\Naim
windir=C:\WINDOWS


-- User Prof-----------

Naim [I](admin)[/I]


-- Add/Remove Prog-----

-- End of ComboScan: finished at 2007-02-22 at 01:3-

behgazi



Response Number 7
Name: jabuck
Date: February 21, 2007 at 14:35:43 Pacific
Reply:

I don't see anything that looks suspicious.

There are 2 BHOs in your Hijack This log you can remove.

Run Hijack This from , close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

I suspect that your video card or onboard video is causing the problem.

You should borrow a monitor and see if it has the same problem as the one you have now. If the problem clears up you know it is a monitor prob.




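A defender-side triage of the O2 lines discussed in the reply above, as an added example that is not part of the thread and not HijackThis code: it parses `O2 - BHO` lines and lists the entries whose target is reported as `(no file)`, like the two jabuck names. The sample log is constructed (only its first two lines come from the post), the function names are hypothetical, and the `(file missing)` suffix is a HijackThis marker that does not appear on this page.

```python
import re

# Constructed sample log. The first two lines are the entries quoted in the
# reply above; the remaining lines are made up for illustration.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: Old Toolbar - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Old\bar.dll (file missing)
O4 - HKLM\..\Run: [example] C:\Program Files\Example\tray.exe
"""

# "O2 - BHO: <name> - {CLSID} - <target>"; the name may itself contain " - ",
# so the CLSID pattern is what anchors the split.
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)
MISSING_SUFFIX = "(file missing)"


def parse_bho_entries(log_text):
    """Return one dict per O2 line: name, clsid, status and path (or None)."""
    entries = []
    for raw in log_text.splitlines():
        m = O2_LINE.match(raw.strip())
        if not m:
            continue  # other sections (O4, O23, ...) are out of scope here
        target = m.group("target").strip()
        if target == "(no file)":
            status, path = "no_file", None  # registered CLSID, no DLL listed
        elif target.endswith(MISSING_SUFFIX):
            status, path = "file_missing", target[: -len(MISSING_SUFFIX)].rstrip()
        else:
            status, path = "present", target
        entries.append({"name": m.group("name"), "clsid": m.group("clsid").upper(),
                        "status": status, "path": path})
    return entries


def orphaned_bhos(log_text):
    """Entries that point at nothing on disk: candidates for 'fix checked'."""
    return [e for e in parse_bho_entries(log_text) if e["status"] != "present"]


if __name__ == "__main__":
    for e in orphaned_bhos(SAMPLE_LOG):
        print(e["clsid"], e["status"], e["path"] or "-")
```

Entries with status `present` still need the usual review of what the DLL is; the script only separates out registrations that no longer load any file.
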
Response Number 8
Name: behgazi
Date: February 21, 2007 at 17:33:59 Pacific
Reply:

Thanks for your help and time, I've done it. Let's see how it works.
Now one last thing: all the files which I had downloaded (hijack, smithfraud etc.), what to do with them?


behgazi



Response Number 9
Name: jabuck
Date: February 21, 2007 at 19:12:49 Pacific
Reply:

You can uninstall/delete all the programs we used.

