Can't Search Over Google And Yahoo! Need Immediate Help!


This topic is locked
13 replies to this topic

#1 Hurricane Andrew

Hurricane Andrew

    Authentic Member • 25 posts

Posted 06 May 2007 - 08:13 PM

Greetings!

Please help me. I am having a problem when searching over Yahoo and Google. When I open the Google site, it redirects me to a dead page, http:///. I also tried searching over Yahoo! Search and it also returns a dead page with the message "Page cannot be displayed". I have an active internet connection. In fact I can browse other webpages on this computer and can open other search engines like AltaVista. I can open Google and Yahoo! Search on the other machines; it's just this particular unit that's encountering the problem. Could this be caused by malware? I have tried using the WinXP Network Diagnostic Tool and here is what I got:

Last diagnostic run time: 05/07/07 10:16:31 Network Adapter Diagnostic
Network location detection

info Using home Internet connection
info Redirecting user to support call

HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn FTP (Passive): Error 12015 connecting to ftp.microsoft.com: The login request was denied
info HTTP: Successfully connected to www.microsoft.com.
warn FTP (Active): Error 12015 connecting to ftp.microsoft.com: The login request was denied
info HTTPS: Successfully connected to www.microsoft.com.
error Could not make an FTP connection.


I have checked my firewall (built-in Windows Firewall) settings and it seems to be OK. I have attached my recent HJT log here. Please help me analyze it. I really need to have this problem fixed because I am doing research. Please help. Thank you in advance. More power!

Logfile of HijackThis v1.99.1
Scan saved at 10:11:24 AM, on 5/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\VM303_STI.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Caffe\Server.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SetUp\login.mpr
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 72.232.209.204 search.live.com
O1 - Hosts: 72.232.209.204 www.google.com
O1 - Hosts: 72.232.209.204 google.com
O1 - Hosts: 72.232.209.204 search.msn.com
O1 - Hosts: 72.232.209.204 auto.search.msn.com
O1 - Hosts: 72.232.209.204 www.live.com
O1 - Hosts: 72.232.209.204 live.com
O1 - Hosts: 72.232.209.204 search.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Caffe-Server] c:\program files\Caffe\Server.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1178076761359
O17 - HKLM\System\CCS\Services\Tcpip\..\{13165D5A-988F-4CC2-8AD1-717716E80A32}: NameServer = 203.177.255.10,203.127.225.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{13165D5A-988F-4CC2-8AD1-717716E80A32}: NameServer = 203.177.255.10,203.127.225.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{13165D5A-988F-4CC2-8AD1-717716E80A32}: NameServer = 203.177.255.10,203.127.225.10
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
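The O1 lines in the log above are the whole story: eight search-engine hostnames pinned to a single public IP through the hosts file, which is why every search engine "died" while the rest of the web worked. The following script is an added example (not part of the thread and not HostsXpert's code) showing how a defender can audit hosts-file contents, whether pasted from a HijackThis O1 section or read from the raw file, and flag the pattern. The sample lines are constructed for the example; the target IP and domain names mirror the ones in the log, and the loopback, LAN and 0.0.0.0 entries are invented as contrast.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: HijackThis "O1 - Hosts:" lines mixed with raw
# hosts-file lines. The 72.232.209.204 entries mirror the pattern in the
# log above; the remaining entries are made up to show what is NOT flagged.
SAMPLE_LINES = """
127.0.0.1       localhost
::1             localhost
O1 - Hosts: 72.232.209.204 www.google.com
O1 - Hosts: 72.232.209.204 google.com
O1 - Hosts: 72.232.209.204 search.yahoo.com
O1 - Hosts: 72.232.209.204 search.live.com
# a legitimate local override (constructed)
192.168.1.20    printer.lan
0.0.0.0         ads.example-tracker.test
""".strip().splitlines()

# Hostnames that a hosts file legitimately maps to a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

HJT_O1 = re.compile(r"^O1\s*-\s*Hosts:\s*(\S+)\s+(\S+)")
HOSTS_LINE = re.compile(r"^(\S+)\s+(\S+)")


def parse_entry(line):
    """Return (ip, hostname) for an O1 line or a raw hosts line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    match = HJT_O1.match(line) or HOSTS_LINE.match(line)
    if not match:
        return None
    ip, host = match.group(1), match.group(2).lower().rstrip(".")
    try:
        ipaddress.ip_address(ip)  # rejects anything that is not an address
    except ValueError:
        return None
    return ip, host


def is_suspicious(ip, host):
    """A hosts entry is suspicious when a public hostname is pinned to a
    non-loopback, non-private address: a workstation never needs that, and it
    is exactly what the search-engine redirect in the log looks like."""
    addr = ipaddress.ip_address(ip)
    if host in LOOPBACK_NAMES:
        return False
    if addr.is_loopback or addr.is_unspecified:  # 127.x / ::1 / 0.0.0.0 block, they do not redirect
        return False
    if addr.is_private:  # LAN overrides such as printers are normal
        return False
    return True


def audit_hosts(lines):
    """Group suspicious entries by target IP. Many unrelated domains pointing
    at one public address is the hallmark of a hosts-file hijack."""
    by_ip = defaultdict(list)
    for line in lines:
        entry = parse_entry(line)
        if entry and is_suspicious(*entry):
            ip, host = entry
            by_ip[ip].append(host)
    return dict(by_ip)


if __name__ == "__main__":
    for ip, hosts in audit_hosts(SAMPLE_LINES).items():
        print(f"{ip} hijacks {len(hosts)} host(s): {', '.join(hosts)}")
```

Run against a real machine by reading `%SystemRoot%\System32\drivers\etc\hosts` and passing its lines to `audit_hosts`; an entry that maps a public domain to a loopback or 0.0.0.0 address is a block, not a redirect, so it is deliberately left alone, while anything pointing a well-known domain at a public address is reported for review.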



#2 Susan528

Susan528

    SuperMember • 3,194 posts

Posted 07 May 2007 - 07:32 AM

Hello Hurricane Andrew and Welcome to TomCoyote,

Please do the following:

HostsXpert

Please download HostsXpert.
  • Unzip HostsXpert.zip
  • Double click on HostsXpert.exe
  • Then click on "Restore Original Hosts" to restore your Hosts file to its default condition.
  • Click on Make Hosts Read Only to secure it against further infection.
  • Close program when complete.
Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#3 Hurricane Andrew

Hurricane Andrew

    Authentic Member • 25 posts

Posted 08 May 2007 - 09:23 PM

Thank you so much! I can now search over Google and Yahoo! My computer seems to be OK but I am not sure if I am safe from spyware or malware. I am not an expert in analyzing HJT log file. Anyway, here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:33:09 AM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\program files\Caffe\Server.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Caffe-Server] c:\program files\Caffe\Server.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1178076761359
O17 - HKLM\System\CCS\Services\Tcpip\..\{13165D5A-988F-4CC2-8AD1-717716E80A32}: NameServer = 203.177.255.10,203.127.225.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{13165D5A-988F-4CC2-8AD1-717716E80A32}: NameServer = 203.177.255.10,203.127.225.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{13165D5A-988F-4CC2-8AD1-717716E80A32}: NameServer = 203.177.255.10,203.127.225.10
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


#4 Susan528

Susan528

    SuperMember • 3,194 posts

Posted 09 May 2007 - 05:49 AM

Hi Hurricane Andrew,

Glad you got Google and Yahoo back. Were you in Hurricane Andrew? We evacuated for Ivan, and Dennis missed us at the last moment. I hope 2007 will not be bad!

Let's do a Kaspersky scan and the DSS scanner which provides much information.

Please perform an online scan with Internet Explorer at
http://www.kaspersky...apter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
**Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.

======
Deckard’s System Scanner

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.
So please post (reply) with the results from Deckard’s System Scanner and the Kaspersky log.

#5 Hurricane Andrew

Hurricane Andrew

    Authentic Member • 25 posts

Posted 09 May 2007 - 09:39 PM

Hi! Here are the logs you requested.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 10, 2007 11:37:02 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 10/05/2007
Kaspersky Anti-Virus database records: 315982
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 74113
Number of viruses found: 1
Number of infected objects: 2 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:37:13

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Contol\4800.DAT Object is locked skipped
C:\Documents and Settings\Contol\4800.IDX Object is locked skipped
C:\Documents and Settings\Contol\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Contol\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Contol\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Contol\Local Settings\Application Data\Identities\{2FC55578-E9ED-4845-B10E-5DFD235B0EDC}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Contol\Local Settings\Application Data\Identities\{2FC55578-E9ED-4845-B10E-5DFD235B0EDC}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Contol\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Contol\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Contol\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Contol\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Contol\Local Settings\History\History.IE5\MSHist012007051020070511\index.dat Object is locked skipped
C:\Documents and Settings\Contol\Local Settings\Temp\Perflib_Perfdata_1e4.dat Object is locked skipped
C:\Documents and Settings\Contol\Local Settings\Temp\~DF1AD7.tmp Object is locked skipped
C:\Documents and Settings\Contol\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Contol\My Documents\Nero-7.8.5.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Contol\My Documents\Nero-7.8.5.0_eng_trial.exe RAR: infected - 1 skipped
C:\Documents and Settings\Contol\ntuser.dat Object is locked skipped
C:\Documents and Settings\Contol\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Caffe\Baze\Data.dat Object is locked skipped
C:\Program Files\Caffe\Baze\Data.idx Object is locked skipped
C:\Program Files\Caffe\Baze\Kod.dat Object is locked skipped
C:\Program Files\Caffe\Baze\Kod.IDX Object is locked skipped
C:\Program Files\Caffe\Baze\Log.dat Object is locked skipped
C:\Program Files\Caffe\Baze\Log.IDX Object is locked skipped
C:\Program Files\Caffe\Baze\Members.dat Object is locked skipped
C:\Program Files\Caffe\Baze\Members.idx Object is locked skipped
C:\Program Files\Caffe\Baze\Racun.dat Object is locked skipped
C:\Program Files\Caffe\Baze\Racun.IDX Object is locked skipped
C:\Program Files\Caffe\Baze\Stanje.dat Object is locked skipped
C:\Program Files\Caffe\Baze\Stanje.IDX Object is locked skipped
C:\Program Files\Caffe\Baze\Usluge.dat Object is locked skipped
C:\Program Files\Caffe\Baze\Usluge.IDX Object is locked skipped
C:\Program Files\Caffe\Baze\WaitList.dat Object is locked skipped
C:\Program Files\Caffe\Baze\WaitList.IDX Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Contol.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Contol.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Contol.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{41647796-F2F6-427A-AF20-07D53BE8A6A1}\RP37\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


DSS scan logs:

Main.Txt

Deckard's System Scanner v20070426.43
Run by Contol on 2007-05-10 at 11:41:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
38: 2007-05-10 03:41:25 UTC - RP38 - Deckard's System Scanner Restore Point
37: 2007-05-09 14:36:05 UTC - RP37 - System Checkpoint
36: 2007-05-07 11:56:41 UTC - RP36 - Unsigned driver install
35: 2007-05-07 11:55:37 UTC - RP35 - Installed TOSHIBA Bluetooth Stack for Windows
34: 2007-05-06 19:01:02 UTC - RP34 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-04-23 04:08:43 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Contol.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:42:10 AM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\program files\Caffe\Server.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Contol\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Contol.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Caffe-Server] c:\program files\Caffe\Server.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1178076761359
O17 - HKLM\System\CCS\Services\Tcpip\..\{13165D5A-988F-4CC2-8AD1-717716E80A32}: NameServer = 203.177.255.10,203.127.225.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{13165D5A-988F-4CC2-8AD1-717716E80A32}: NameServer = 203.177.255.10,203.127.225.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{13165D5A-988F-4CC2-8AD1-717716E80A32}: NameServer = 203.177.255.10,203.127.225.10
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>

S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SoundMAX Agent Service (default) (SoundMAX Agent Service) - c:\program files\analog devices\soundmax\smagent.exe <Not Verified; Analog Devices, Inc.; SoundMAX service agent>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Files created between 2007-04-10 and 2007-05-10 -----------------------------

2007-05-10 10:05:42 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-10 06:41:53 0 d-------- C:\WINDOWS\LastGood
2007-05-09 05:39:54 5503 --a-----t C:\Documents and Settings\Contol\4800.DAT
2007-05-07 19:58:28 5503 --a-----t C:\Documents and Settings\Contol\12760.DAT
2007-05-07 11:22:22 5503 --a-----t C:\Documents and Settings\Contol\18440.DAT
2007-05-05 18:21:41 14 --a------ C:\WINDOWS\popcinfo.dat
2007-05-05 04:27:22 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2007-05-05 04:10:47 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-05-04 21:43:42 0 d-------- C:\Program Files\MSXML 6.0
2007-05-04 21:43:00 0 d-------- C:\Program Files\MSXML 4.0
2007-05-04 19:17:31 0 d-------- C:\Documents and Settings\Contol\Application Data\Ahead
2007-05-04 19:15:53 0 d-------- C:\Program Files\Nero
2007-05-04 19:15:53 0 d-------- C:\Program Files\Common Files\Ahead
2007-05-04 19:15:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-05-04 09:09:18 0 d-------- C:\Program Files\MSBuild
2007-05-04 09:05:35 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-05-04 09:04:55 0 d-------- C:\Program Files\Reference Assemblies
2007-05-04 09:03:59 0 d-------- C:\f856a35a445a82b772
2007-05-04 09:03:29 0 d-------- C:\Program Files\Windows Media Connect 2
2007-05-04 09:01:59 0 d-------- C:\WINDOWS\system32\LogFiles
2007-05-04 09:01:59 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-04 08:56:40 0 d-------- C:\WINDOWS\RegisteredPackages
2007-05-04 08:54:45 0 d-------- C:\WINDOWS\system32\URTTemp
2007-05-04 03:32:11 0 d-------- C:\Program Files\Webzen
2007-05-03 10:16:43 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-05-03 10:16:15 0 d-------- C:\WINDOWS\network diagnostic
2007-05-02 11:37:44 0 d-------- C:\WINDOWS\system32\PreInstall
2007-05-02 11:33:24 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-05-02 11:27:36 0 d-------- C:\Documents and Settings\Contol\Application Data\Leadertech
2007-05-02 09:16:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Transparent
2007-05-02 09:16:40 0 d-------- C:\Program Files\Transparent
2007-04-29 12:47:46 0 d-------- C:\Program Files\EPSON
2007-04-29 03:03:21 0 d-------- C:\Documents and Settings\Contol\Application Data\AdobeAUM
2007-04-29 03:03:20 0 d-------- C:\Documents and Settings\Contol\Application Data\AdobeUM
2007-04-28 22:25:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-04-28 22:25:33 0 d-------- C:\WINDOWS\Downloaded Installations
2007-04-27 11:22:30 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-04-27 11:22:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-04-27 11:22:19 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-04-27 10:54:29 77824 --a------ C:\WINDOWS\system32\utc0.dll
2007-04-27 10:54:29 45056 --a------ C:\WINDOWS\system32\_isusr2k.dll
2007-04-27 10:40:04 0 d-------- C:\Program Files\Toshiba
2007-04-27 10:01:12 0 dr-h----- C:\Documents and Settings\Contol\Application Data\yahoo!
2007-04-27 08:18:23 0 d-------- C:\Program Files\Microsoft.NET
2007-04-27 08:18:12 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-04-27 08:07:27 0 d-------- C:\Documents and Settings\Contol\Application Data\Sharp
2007-04-27 07:52:05 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-04-27 07:52:04 0 d-------- C:\Documents and Settings\Contol\WINDOWS
2007-04-27 07:46:38 0 d-------- C:\WINDOWS\EffectResources
2007-04-27 07:46:37 0 d-------- C:\WINDOWS\CatRoot
2007-04-27 07:46:37 0 d-------- C:\Program Files\Vimicro
2007-04-27 07:38:55 0 d-------- C:\WINDOWS\LastGood(2)
2007-04-27 07:25:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-04-27 03:41:33 5503 --a-----t C:\Documents and Settings\Contol\17800.DAT
2007-04-26 23:35:12 0 d-------- C:\Program Files\NetGames(2)
2007-04-26 10:50:48 0 dr-h----- C:\$VAULT$.AVG
2007-04-24 12:08:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-04-24 11:44:57 0 d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-04-24 11:41:41 0 d-------- C:\Program Files\Yahoo!
2007-04-24 11:38:30 0 d--hs---- C:\Documents and Settings\Contol\UserData
2007-04-24 09:16:26 0 d-------- C:\Documents and Settings\Contol\Application Data\Lavasoft
2007-04-24 06:23:50 0 d-------- C:\Documents and Settings\Contol\Application Data\Google
2007-04-24 06:16:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-04-24 06:16:30 0 d-------- C:\Program Files\Google
2007-04-24 06:13:34 0 d-------- C:\Documents and Settings\Contol\Application Data\Macromedia
2007-04-23 20:40:13 5503 --a-----t C:\Documents and Settings\Contol\17640.DAT
2007-04-23 19:51:42 0 d--hs---- C:\WINDOWS\Installer
2007-04-23 19:51:41 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-23 19:51:39 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-23 19:51:38 0 dr------- C:\Program Files
2007-04-23 19:51:18 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-04-23 19:51:18 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-04-23 19:51:18 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-04-23 19:51:18 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-04-23 19:51:18 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-04-23 19:51:18 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-04-23 19:51:18 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-04-23 19:51:18 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-04-23 19:51:18 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-04-23 19:51:18 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-04-23 19:51:18 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-04-23 19:51:18 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-04-23 19:51:18 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-04-23 19:51:18 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-04-23 19:51:18 0 dr------- C:\Documents and Settings\All Users\Documents
2007-04-23 19:51:18 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-04-23 19:51:06 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-04-23 19:51:06 0 d-------- C:\WINDOWS\system32\CatRoot
2007-04-23 19:51:01 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-04-23 19:51:01 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-04-23 19:51:01 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-04-23 19:51:01 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-04-23 19:50:38 0 d-------- C:\Documents and Settings
2007-04-23 19:50:37 0 d--hs---- C:\System Volume Information
2007-04-23 19:45:25 0 d-------- C:\WINDOWS
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\WinSxS
2007-04-23 19:45:25 0 dr------- C:\WINDOWS\Web
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\twain_32
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\wins
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\wbem
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\usmt
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\spool
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\ShellExt
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\Setup
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\ras
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\oobe
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\npp
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\mui
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\inetsrv
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\IME
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\icsxml
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\ias
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\export
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\drivers
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-23 19:45:25 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\dhcp
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\config
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\3076
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\2052
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1054
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1042
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1041
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1037
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1033
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1031
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1028
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1025
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\security
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Resources
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\repair
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Provisioning
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\PeerNet
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\pchealth
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\mui
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\msapps
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\msagent
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Media
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\java
2007-04-23 19:45:25 0 d--h----- C:\WINDOWS\inf
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\ime
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Help
2007-04-23 19:45:25 0 dr--s---- C:\WINDOWS\Fonts
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Driver Cache
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Debug
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Cursors
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Connection Wizard
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Config
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\AppPatch
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\addins
2007-04-23 13:52:08 0 d-------- C:\WINDOWS\system32\Adobe
2007-04-23 13:52:08 0 d-------- C:\Documents and Settings\Contol\Application Data\Adobe
2007-04-23 13:46:26 0 d-------- C:\Program Files\SetUp
2007-04-23 13:33:05 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-23 13:29:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-04-23 13:26:05 0 d-------- C:\Documents and Settings\Contol\Application Data\AVG7
2007-04-23 13:25:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2007-04-23 13:25:44 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7(2)
2007-04-23 13:23:05 0 d-------- C:\Program Files\Lavasoft
2007-04-23 13:20:13 0 d-------- C:\WINDOWS\pss
2007-04-23 13:15:58 0 d-------- C:\WINDOWS\system32\SCDRV
2007-04-23 13:07:25 0 d-------- C:\WINDOWS\SHELLNEW
2007-04-23 13:04:32 2097152 --a------ C:\Documents and Settings\Contol\ntuser.dat
2007-04-23 12:53:46 32768 --a------ C:\WINDOWS\VMZoom.exe <Not Verified; Vimicro; >
2007-04-23 12:53:46 24576 --a------ C:\WINDOWS\VMPipe.dll <Not Verified; ; ZSMCSecret Dynamic Link Library>
2007-04-23 12:22:22 0 d-------- C:\WINDOWS\nview
2007-04-23 12:16:31 0 d-------- C:\Program Files\Marvell
2007-04-23 12:15:16 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2007-04-23 12:15:15 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2007-04-23 12:15:13 765952 --a------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2007-04-23 12:15:12 0 d-------- C:\WINDOWS\VirtualEar
2007-04-23 12:15:11 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2007-04-23 12:15:11 0 d-------- C:\Program Files\Analog Devices
2007-04-23 12:15:10 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2007-04-23 12:15:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-23 12:14:58 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-23 12:13:21 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-23 12:13:20 0 d-------- C:\Program Files\Intel
2007-04-23 12:12:59 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-04-23 12:10:07 0 d-------- C:\Program Files\Caffe
2007-04-23 12:08:31 0 d-------- C:\Documents and Settings\Contol\Application Data\Identities
2007-04-23 12:08:22 0 d--h----- C:\Documents and Settings\Contol\Templates
2007-04-23 12:08:22 0 dr------- C:\Documents and Settings\Contol\Start Menu
2007-04-23 12:08:22 0 dr-h----- C:\Documents and Settings\Contol\SendTo
2007-04-23 12:08:22 0 dr-h----- C:\Documents and Settings\Contol\Recent
2007-04-23 12:08:22 0 d--h----- C:\Documents and Settings\Contol\PrintHood
2007-04-23 12:08:22 0 d--h----- C:\Documents and Settings\Contol\NetHood
2007-04-23 12:08:22 0 dr------- C:\Documents and Settings\Contol\My Documents
2007-04-23 12:08:22 0 d--h----- C:\Documents and Settings\Contol\Local Settings
2007-04-23 12:08:22 0 dr------- C:\Documents and Settings\Contol\Favorites
2007-04-23 12:08:22 0 d-------- C:\Documents and Settings\Contol\Desktop
2007-04-23 12:08:22 0 d--hs---- C:\Documents and Settings\Contol\Cookies
2007-04-23 12:08:22 0 dr-h----- C:\Documents and Settings\Contol\Application Data
2007-04-23 12:07:15 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-04-23 12:07:13 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-04-23 12:07:13 0 d-------- C:\WINDOWS\Prefetch
2007-04-23 12:07:12 229376 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2007-04-23 12:07:12 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-04-23 12:07:12 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-04-23 12:07:12 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-04-23 12:07:12 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-04-23 12:07:04 225280 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-04-23 12:07:04 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-04-23 12:07:04 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2007-04-23 12:07:04 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-04-23 12:07:04 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-04-23 12:04:36 0 d-------- C:\WINDOWS\system32\xircom
2007-04-23 12:04:36 0 d-------- C:\Program Files\microsoft frontpage
2007-04-23 12:04:34 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-04-23 12:04:31 0 d--h----- C:\WINDOWS\$hf_mig$
2007-04-23 12:04:18 0 -rahs---- C:\MSDOS.SYS
2007-04-23 12:04:18 0 -rahs---- C:\IO.SYS
2007-04-23 12:04:18 0 --a------ C:\CONFIG.SYS
2007-04-23 12:04:18 0 --a------ C:\AUTOEXEC.BAT
2007-04-23 12:03:30 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-04-23 12:03:21 0 dr------- C:\WINDOWS\Offline Web Pages
2007-04-23 12:03:21 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-23 12:03:11 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-23 12:02:55 0 d-------- C:\WINDOWS\system32\DirectX
2007-04-23 12:02:32 0 d---s---- C:\WINDOWS\Tasks
2007-04-23 12:02:31 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-23 12:02:28 0 d-------- C:\WINDOWS\system32\Macromed
2007-04-23 12:02:28 0 d-------- C:\WINDOWS\srchasst
2007-04-23 12:02:22 0 d-------- C:\Program Files\Movie Maker
2007-04-23 12:02:17 0 d-------- C:\WINDOWS\system32\Restore
2007-04-23 12:02:03 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-23 12:01:46 0 d-------- C:\WINDOWS\Registration
2007-04-23 12:01:21 0 d-------- C:\Program Files\Online Services
2007-04-23 12:01:17 0 d-------- C:\Program Files\Messenger
2007-04-23 12:01:14 0 d-------- C:\Program Files\MSN Gaming Zone
2007-04-23 12:00:48 0 d-------- C:\Program Files\Windows NT
2007-04-23 12:00:46 0 d-------- C:\WINDOWS\system32\MsDtc
2007-04-23 12:00:45 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2007-05-10 10:17:18 174 --a------ C:\WINDOWS\system32\TC0CLMON.DAT
2007-04-23 19:51:18 62 --ahs---- C:\Documents and Settings\Contol\Application Data\desktop.ini
2007-03-22 20:25:02 124928 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"BigDog303"="C:\\WINDOWS\\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Caffe-Server"="c:\\program files\\Caffe\\Server.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AutoUpdate"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~2\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Bluetooth Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\Bluetooth Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Toshiba\\BLUETO~1\\TOSBTM~1.EXE "
"item"="Bluetooth Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VM303_STI"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Smax4"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMax4PNP"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
WudfServiceGroup REG_MULTI_SZ WUDFSvc\
bthsvcs REG_MULTI_SZ BthServ\


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e734404-f51e-11db-9c52-0017317838d5}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e734406-f51e-11db-9c52-0017317838d5}]
Shell\AutoRun\command New Document.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e73441f-f51e-11db-9c52-0017317838d5}]
Shell\AutoRun\command E:\ie.exe
Shell\explore\Command E:\ie.exe
Shell\open\Command E:\ie.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e73442e-f51e-11db-9c52-0017317838d5}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e734438-f51e-11db-9c52-0017317838d5}]
Shell\Auto\command boot.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e73443d-f51e-11db-9c52-0017317838d5}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e734444-f51e-11db-9c52-0017317838d5}]
Shell\Auto\command E:\sxs2.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs2.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e734448-f51e-11db-9c52-0017317838d5}]
Shell\AutoRun\command New Document.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70874951-f8f2-11db-9c53-0017317838d5}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70874954-f8f2-11db-9c53-0017317838d5}]
Shell\Auto\command E:\infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b490377e-fdba-11db-9c5d-0017317838d5}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5687622-fc95-11db-9c5c-0009dd50281f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5687624-fc95-11db-9c5c-0009dd50281f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs


-- End of Deckard's System Scanner: finished at 2007-05-10 at 11:42:57 ---------


Extra.Txt

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.00GHz
CPU 1: Intel® Pentium® D CPU 3.00GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 511.23 MiB / 185.27 MiB
Pagefile Memory (total/avail): 1250.06 MiB / 828.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1948.9 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 62.03 GiB free.
D: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.467 v7.5.467 (GRISOFT)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Contol\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CONTROL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Contol
LOGONSERVER=\\CONTROL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Contol\LOCALS~1\Temp
TMP=C:\DOCUME~1\Contol\LOCALS~1\Temp
USERDOMAIN=CONTROL
USERNAME=Contol
USERPROFILE=C:\Documents and Settings\Contol
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Contol (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A4 TECH USB PC Camera H --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}\setup.exe" -l0x9
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC --> "\\Ebctc-10\mirc\mirc.exe" -uninstall
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nero 7 --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Ran Online --> "C:\Documents and Settings\Contol\My Documents\des\uninstall.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TOSHIBA Bluetooth Stack for Windows --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
TOSHIBA MFP Driver --> C:\WINDOWS\ISUNINST.EXE -futc0.isu -cC:\WINDOWS\system32\utc0.dll
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- End of Deckard's System Scanner: finished at 2007-05-10 at 11:42:57 ---------


#6 Susan528

    SuperMember
  • Authentic Member
  • 3,194 posts

Posted 10 May 2007 - 08:23 PM

The Kaspersky log showed the following infected file, which we need to delete.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following file and delete it:
C:\Documents and Settings\Contol\My Documents\Nero-7.8.5.0_eng_trial.exe <= file
Exit Explorer, and reboot as normal afterwards.

No Firewall Onboard

Also, I do not see a firewall application installed. Perhaps you have a hardware firewall, but a combination of a software firewall and a hardware firewall is better. Just be sure there are no conflicts. Please do not rely solely on the Windows XP firewall. Using a software firewall other than the XP firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:
Test your Firewall - Please test your firewall and make sure it is working properly.
Test Firewall

There are some registry entries that should be fixed and I am researching the best way to do it. Otherwise how is your computer running?

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#7 Hurricane Andrew

    Authentic Member
  • Authentic Member
  • 25 posts

Posted 10 May 2007 - 10:13 PM

My computer seems to be working fine. I have deleted the file detected as carrying malware. I have tested the scanners on Hackerwatch and it says I am secured. What concerns me are those files seen in the registry like infrom.exe and ravmone.exe, which I believe aren't built-in Windows system files. Can you help me remove them?

#8 Susan528

    SuperMember
  • Authentic Member
  • 3,194 posts

Posted 11 May 2007 - 07:56 AM

Please do the following:

Backup the registry:

======
Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: If you should need to restore your registry, go to the folder and start ERDNT.exe

Then, go to start-->run

and type this in:
notepad

Paste this into the box:

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e73442e-f51e-11db-9c52-0017317838d5}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e734438-f51e-11db-9c52-0017317838d5}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e73443d-f51e-11db-9c52-0017317838d5}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e734444-f51e-11db-9c52-0017317838d5}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e734448-f51e-11db-9c52-0017317838d5}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70874951-f8f2-11db-9c53-0017317838d5}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70874954-f8f2-11db-9c53-0017317838d5}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b490377e-fdba-11db-9c5d-0017317838d5}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5687622-fc95-11db-9c5c-0009dd50281f}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5687624-fc95-11db-9c5c-0009dd50281f}]
Then click on the FILE menu and select save as
Save the file as regfix.reg. Save the file to the desktop.
IMPORTANT: make sure to save the file as "all types" and NOT as a text file

Now double click on regfix.reg and insert it into the registry.
Please run Deckard’s System Scanner again and post (reply) with the results.

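An added example, not code from any post in this thread: a small Python triage script for the HijackThis-format lines that Deckard's System Scanner embeds in the logs posted here. It pulls out the O17 NameServer overrides (the resolvers every lookup on this machine goes through, which is the first thing to check when only particular sites land on a dead page), the O4 Run autoruns that launch from user-writable locations, and O9 entries whose file is missing. The sample log is constructed, modelled on the thread's entries; the "expected" resolver list passed to unexpected_dns() and the user-writable path markers are assumptions a triager fills in from the ISP's published servers and the machine's layout, not facts established by this thread.

```python
"""Triage helpers for HijackThis-format log lines (the format embedded in the
Deckard's System Scanner output posted in this thread).

Added example; not part of any post. SAMPLE_LOG is constructed, modelled on
the thread's entries; USER_WRITABLE and the expected-resolver list given to
unexpected_dns() are assumptions a triager fills in per machine."""
import re
from dataclasses import dataclass


@dataclass
class Entry:
    kind: str  # "R0", "O4", "O17", ...
    body: str  # everything after the "Oxx - " prefix


# "O4 - HKLM\..\Run: [name] command"  /  "R0 - HKCU\...,Start Page = ..."
LINE_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
O17_RE = re.compile(r"NameServer = ([\d.,]+)\s*$")
# First executable-looking token of a Run command. Heuristic: commands are
# often unquoted and contain spaces ("c:\program files\Caffe\Server.exe").
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|scr|com|bat|cmd))\b', re.IGNORECASE)

# Path fragments an autorun should not normally launch from (assumption).
USER_WRITABLE = ("\\temp\\", "\\local settings\\",
                 "\\documents and settings\\", "\\application data\\")

# Constructed sample, same shape as the HijackThis section of a DSS log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Caffe-Server] c:\program files\Caffe\Server.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Contol\Local Settings\Temp\updater.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{13165D5A-988F-4CC2-8AD1-717716E80A32}: NameServer = 203.177.255.10,203.127.225.10
"""


def parse_hjt(text):
    """Split a log into Entry objects; lines that are not HJT items are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def dns_servers(entries):
    """Every IP named in an O17 NameServer line, de-duplicated and sorted."""
    found = set()
    for e in entries:
        if e.kind == "O17":
            m = O17_RE.search(e.body)
            if m:
                found.update(ip for ip in m.group(1).split(",") if ip)
    return sorted(found)


def unexpected_dns(entries, expected):
    """Configured resolvers that are not in the list DHCP/the ISP should hand out."""
    allowed = set(expected)
    return [ip for ip in dns_servers(entries) if ip not in allowed]


def autoruns(entries):
    """(hive, key, name, launched path) for each O4 Run entry."""
    out = []
    for e in entries:
        if e.kind != "O4":
            continue
        m = O4_RE.match(e.body)
        if not m:
            continue
        hive, key, name, command = m.groups()
        pm = EXE_RE.match(command)
        out.append((hive, key, name, pm.group(1) if pm else command))
    return out


def suspicious_autoruns(entries):
    """Autoruns launched from a UNC path or a user-writable location."""
    flagged = []
    for hive, _key, name, path in autoruns(entries):
        p = path.lower()
        if p.startswith("\\\\") or any(marker in p for marker in USER_WRITABLE):
            flagged.append((hive, name, path))
    return flagged


def missing_files(entries):
    """Entries HijackThis itself marks as pointing at a file that no longer exists."""
    return [e for e in entries if e.body.endswith("(file missing)")]


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    print("DNS servers:", dns_servers(ents))
    print("Resolvers not in expected list:", unexpected_dns(ents, expected=[]))
    for hive, name, path in suspicious_autoruns(ents):
        print(f"autorun from user-writable path: {hive} [{name}] {path}")
    for e in missing_files(ents):
        print("dangling entry:", e.kind, e.body)
```

The log alone does not settle whether the two 203.x resolvers in the thread's O17 lines are the ISP's own; unexpected_dns() only reports which configured resolvers differ from the list you pass in. Compare against what DHCP hands out (ipconfig /all on the affected machine) or the ISP's published servers before drawing a conclusion, and treat an autorun flagged from a Temp or profile directory as something to identify, not automatically as malware.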

#9 Hurricane Andrew

    Authentic Member
  • Authentic Member
  • 25 posts

Posted 11 May 2007 - 08:49 PM

Here is the DSS log after I inserted the registry entry above. I haven't restarted my computer since inserting the registry entry. Only the main.txt of DSS popped up; the extra.txt didn't show up, unlike the first time I ran DSS.

From Main.Txt

Deckard's System Scanner v20070426.43
Run by Contol on 2007-05-12 at 10:56:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Contol.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:56:29 AM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Caffe\Server.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Contol\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Contol.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [Caffe-Server] c:\program files\Caffe\Server.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1178076761359
O17 - HKLM\System\CCS\Services\Tcpip\..\{13165D5A-988F-4CC2-8AD1-717716E80A32}: NameServer = 203.177.255.10,203.127.225.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{13165D5A-988F-4CC2-8AD1-717716E80A32}: NameServer = 203.177.255.10,203.127.225.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{13165D5A-988F-4CC2-8AD1-717716E80A32}: NameServer = 203.177.255.10,203.127.225.10
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


-- Files created between 2007-04-12 and 2007-05-12 -----------------------------

2007-05-12 01:22:58 0 d-------- C:\Program Files\e-Games
2007-05-10 10:05:42 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-07 19:58:28 5503 --a-----t C:\Documents and Settings\Contol\12760.DAT
2007-05-07 11:22:22 5503 --a-----t C:\Documents and Settings\Contol\18440.DAT
2007-05-05 18:21:41 14 --a------ C:\WINDOWS\popcinfo.dat
2007-05-05 04:27:22 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2007-05-05 04:10:47 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-05-04 21:43:42 0 d-------- C:\Program Files\MSXML 6.0
2007-05-04 21:43:00 0 d-------- C:\Program Files\MSXML 4.0
2007-05-04 19:17:31 0 d-------- C:\Documents and Settings\Contol\Application Data\Ahead
2007-05-04 19:15:53 0 d-------- C:\Program Files\Nero
2007-05-04 19:15:53 0 d-------- C:\Program Files\Common Files\Ahead
2007-05-04 19:15:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-05-04 09:09:18 0 d-------- C:\Program Files\MSBuild
2007-05-04 09:05:35 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-05-04 09:04:55 0 d-------- C:\Program Files\Reference Assemblies
2007-05-04 09:03:59 0 d-------- C:\f856a35a445a82b772
2007-05-04 09:03:29 0 d-------- C:\Program Files\Windows Media Connect 2
2007-05-04 09:01:59 0 d-------- C:\WINDOWS\system32\LogFiles
2007-05-04 09:01:59 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-04 08:56:40 0 d-------- C:\WINDOWS\RegisteredPackages
2007-05-04 08:54:45 0 d-------- C:\WINDOWS\system32\URTTemp
2007-05-04 03:32:11 0 d-------- C:\Program Files\Webzen
2007-05-03 10:16:43 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-05-03 10:16:15 0 d-------- C:\WINDOWS\network diagnostic
2007-05-02 11:37:44 0 d-------- C:\WINDOWS\system32\PreInstall
2007-05-02 11:33:24 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-05-02 11:27:36 0 d-------- C:\Documents and Settings\Contol\Application Data\Leadertech
2007-05-02 09:16:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Transparent
2007-05-02 09:16:40 0 d-------- C:\Program Files\Transparent
2007-04-29 12:47:46 0 d-------- C:\Program Files\EPSON
2007-04-29 03:03:21 0 d-------- C:\Documents and Settings\Contol\Application Data\AdobeAUM
2007-04-29 03:03:20 0 d-------- C:\Documents and Settings\Contol\Application Data\AdobeUM
2007-04-28 22:25:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-04-28 22:25:33 0 d-------- C:\WINDOWS\Downloaded Installations
2007-04-27 11:22:30 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-04-27 11:22:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-04-27 11:22:19 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-04-27 10:54:29 77824 --a------ C:\WINDOWS\system32\utc0.dll
2007-04-27 10:54:29 45056 --a------ C:\WINDOWS\system32\_isusr2k.dll
2007-04-27 10:40:04 0 d-------- C:\Program Files\Toshiba
2007-04-27 10:01:12 0 dr-h----- C:\Documents and Settings\Contol\Application Data\yahoo!
2007-04-27 08:18:23 0 d-------- C:\Program Files\Microsoft.NET
2007-04-27 08:18:12 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-04-27 08:07:27 0 d-------- C:\Documents and Settings\Contol\Application Data\Sharp
2007-04-27 07:52:05 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-04-27 07:52:04 0 d-------- C:\Documents and Settings\Contol\WINDOWS
2007-04-27 07:46:38 0 d-------- C:\WINDOWS\EffectResources
2007-04-27 07:46:37 0 d-------- C:\WINDOWS\CatRoot
2007-04-27 07:46:37 0 d-------- C:\Program Files\Vimicro
2007-04-27 07:38:55 0 d-------- C:\WINDOWS\LastGood(2)
2007-04-27 07:25:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-04-27 03:41:33 5503 --a-----t C:\Documents and Settings\Contol\17800.DAT
2007-04-26 23:35:12 0 d-------- C:\Program Files\NetGames(2)
2007-04-26 10:50:48 0 dr-h----- C:\$VAULT$.AVG
2007-04-24 12:08:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-04-24 11:44:57 0 d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-04-24 11:41:41 0 d-------- C:\Program Files\Yahoo!
2007-04-24 11:38:30 0 d--hs---- C:\Documents and Settings\Contol\UserData
2007-04-24 09:16:26 0 d-------- C:\Documents and Settings\Contol\Application Data\Lavasoft
2007-04-24 06:23:50 0 d-------- C:\Documents and Settings\Contol\Application Data\Google
2007-04-24 06:16:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-04-24 06:16:30 0 d-------- C:\Program Files\Google
2007-04-24 06:13:34 0 d-------- C:\Documents and Settings\Contol\Application Data\Macromedia
2007-04-23 20:40:13 5503 --a-----t C:\Documents and Settings\Contol\17640.DAT
2007-04-23 19:51:42 0 d--hs---- C:\WINDOWS\Installer
2007-04-23 19:51:41 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-23 19:51:39 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-23 19:51:38 0 dr------- C:\Program Files
2007-04-23 19:51:18 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-04-23 19:51:18 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-04-23 19:51:18 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-04-23 19:51:18 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-04-23 19:51:18 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-04-23 19:51:18 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-04-23 19:51:18 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-04-23 19:51:18 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-04-23 19:51:18 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-04-23 19:51:18 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-04-23 19:51:18 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-04-23 19:51:18 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-04-23 19:51:18 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-04-23 19:51:18 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-04-23 19:51:18 0 dr------- C:\Documents and Settings\All Users\Documents
2007-04-23 19:51:18 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-04-23 19:51:06 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-04-23 19:51:06 0 d-------- C:\WINDOWS\system32\CatRoot
2007-04-23 19:51:01 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-04-23 19:51:01 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-04-23 19:51:01 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-04-23 19:51:01 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-04-23 19:50:38 0 d-------- C:\Documents and Settings
2007-04-23 19:50:37 0 d--hs---- C:\System Volume Information
2007-04-23 19:45:25 0 d-------- C:\WINDOWS
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\WinSxS
2007-04-23 19:45:25 0 dr------- C:\WINDOWS\Web
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\twain_32
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\wins
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\wbem
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\usmt
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\spool
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\ShellExt
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\Setup
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\ras
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\oobe
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\npp
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\mui
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\inetsrv
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\IME
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\icsxml
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\ias
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\export
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\drivers
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-23 19:45:25 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\dhcp
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\config
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\3076
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\2052
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1054
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1042
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1041
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1037
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1033
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1031
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1028
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system32\1025
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\system
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\security
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Resources
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\repair
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Provisioning
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\PeerNet
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\pchealth
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\mui
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\msapps
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\msagent
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Media
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\java
2007-04-23 19:45:25 0 d--h----- C:\WINDOWS\inf
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\ime
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Help
2007-04-23 19:45:25 0 dr--s---- C:\WINDOWS\Fonts
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Driver Cache
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Debug
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Cursors
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Connection Wizard
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\Config
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\AppPatch
2007-04-23 19:45:25 0 d-------- C:\WINDOWS\addins
2007-04-23 13:52:08 0 d-------- C:\WINDOWS\system32\Adobe
2007-04-23 13:52:08 0 d-------- C:\Documents and Settings\Contol\Application Data\Adobe
2007-04-23 13:46:26 0 d-------- C:\Program Files\SetUp
2007-04-23 13:33:05 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-23 13:29:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-04-23 13:26:05 0 d-------- C:\Documents and Settings\Contol\Application Data\AVG7
2007-04-23 13:25:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2007-04-23 13:25:44 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7(2)
2007-04-23 13:23:05 0 d-------- C:\Program Files\Lavasoft
2007-04-23 13:20:13 0 d-------- C:\WINDOWS\pss
2007-04-23 13:15:58 0 d-------- C:\WINDOWS\system32\SCDRV
2007-04-23 13:07:25 0 d-------- C:\WINDOWS\SHELLNEW
2007-04-23 13:04:32 2097152 --a------ C:\Documents and Settings\Contol\ntuser.dat
2007-04-23 12:53:46 32768 --a------ C:\WINDOWS\VMZoom.exe <Not Verified; Vimicro; >
2007-04-23 12:53:46 24576 --a------ C:\WINDOWS\VMPipe.dll <Not Verified; ; ZSMCSecret Dynamic Link Library>
2007-04-23 12:22:22 0 d-------- C:\WINDOWS\nview
2007-04-23 12:16:31 0 d-------- C:\Program Files\Marvell
2007-04-23 12:15:16 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2007-04-23 12:15:15 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2007-04-23 12:15:13 765952 --a------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2007-04-23 12:15:12 0 d-------- C:\WINDOWS\VirtualEar
2007-04-23 12:15:11 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2007-04-23 12:15:11 0 d-------- C:\Program Files\Analog Devices
2007-04-23 12:15:10 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2007-04-23 12:15:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-23 12:14:58 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-23 12:13:21 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-23 12:13:20 0 d-------- C:\Program Files\Intel
2007-04-23 12:12:59 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-04-23 12:10:07 0 d-------- C:\Program Files\Caffe
2007-04-23 12:08:31 0 d-------- C:\Documents and Settings\Contol\Application Data\Identities
2007-04-23 12:08:22 0 d--h----- C:\Documents and Settings\Contol\Templates
2007-04-23 12:08:22 0 dr------- C:\Documents and Settings\Contol\Start Menu
2007-04-23 12:08:22 0 dr-h----- C:\Documents and Settings\Contol\SendTo
2007-04-23 12:08:22 0 dr-h----- C:\Documents and Settings\Contol\Recent
2007-04-23 12:08:22 0 d--h----- C:\Documents and Settings\Contol\PrintHood
2007-04-23 12:08:22 0 d--h----- C:\Documents and Settings\Contol\NetHood
2007-04-23 12:08:22 0 d-------- C:\Documents and Settings\Contol\My Documents
2007-04-23 12:08:22 0 d--h----- C:\Documents and Settings\Contol\Local Settings
2007-04-23 12:08:22 0 dr------- C:\Documents and Settings\Contol\Favorites
2007-04-23 12:08:22 0 d-------- C:\Documents and Settings\Contol\Desktop
2007-04-23 12:08:22 0 d--hs---- C:\Documents and Settings\Contol\Cookies
2007-04-23 12:08:22 0 dr-h----- C:\Documents and Settings\Contol\Application Data
2007-04-23 12:07:15 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-04-23 12:07:13 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-04-23 12:07:13 0 d-------- C:\WINDOWS\Prefetch
2007-04-23 12:07:12 229376 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2007-04-23 12:07:12 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-04-23 12:07:12 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-04-23 12:07:12 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-04-23 12:07:12 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-04-23 12:07:04 225280 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-04-23 12:07:04 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-04-23 12:07:04 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2007-04-23 12:07:04 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-04-23 12:07:04 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-04-23 12:04:36 0 d-------- C:\WINDOWS\system32\xircom
2007-04-23 12:04:36 0 d-------- C:\Program Files\microsoft frontpage
2007-04-23 12:04:34 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-04-23 12:04:31 0 d--h----- C:\WINDOWS\$hf_mig$
2007-04-23 12:04:18 0 -rahs---- C:\MSDOS.SYS
2007-04-23 12:04:18 0 -rahs---- C:\IO.SYS
2007-04-23 12:04:18 0 --a------ C:\CONFIG.SYS
2007-04-23 12:04:18 0 --a------ C:\AUTOEXEC.BAT
2007-04-23 12:03:30 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-04-23 12:03:21 0 dr------- C:\WINDOWS\Offline Web Pages
2007-04-23 12:03:21 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-23 12:03:11 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-23 12:02:55 0 d-------- C:\WINDOWS\system32\DirectX
2007-04-23 12:02:32 0 d---s---- C:\WINDOWS\Tasks
2007-04-23 12:02:31 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-23 12:02:28 0 d-------- C:\WINDOWS\system32\Macromed
2007-04-23 12:02:28 0 d-------- C:\WINDOWS\srchasst
2007-04-23 12:02:22 0 d-------- C:\Program Files\Movie Maker
2007-04-23 12:02:17 0 d-------- C:\WINDOWS\system32\Restore
2007-04-23 12:02:03 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-23 12:01:46 0 d-------- C:\WINDOWS\Registration
2007-04-23 12:01:21 0 d-------- C:\Program Files\Online Services
2007-04-23 12:01:17 0 d-------- C:\Program Files\Messenger
2007-04-23 12:01:14 0 d-------- C:\Program Files\MSN Gaming Zone
2007-04-23 12:00:48 0 d-------- C:\Program Files\Windows NT
2007-04-23 12:00:46 0 d-------- C:\WINDOWS\system32\MsDtc
2007-04-23 12:00:45 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2007-05-12 08:33:48 174 --a------ C:\WINDOWS\system32\TC0CLMON.DAT
2007-04-23 19:51:18 62 --ahs---- C:\Documents and Settings\Contol\Application Data\desktop.ini
2007-03-22 20:25:02 124928 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"BigDog303"="C:\\WINDOWS\\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Caffe-Server"="c:\\program files\\Caffe\\Server.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AutoUpdate"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~2\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Bluetooth Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\Bluetooth Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Toshiba\\BLUETO~1\\TosBtMng.exe "
"item"="Bluetooth Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VM303_STI"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Smax4"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMax4PNP"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
WudfServiceGroup REG_MULTI_SZ WUDFSvc\
bthsvcs REG_MULTI_SZ BthServ\


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e734404-f51e-11db-9c52-0017317838d5}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e734406-f51e-11db-9c52-0017317838d5}]
Shell\AutoRun\command New Document.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e73441f-f51e-11db-9c52-0017317838d5}]
Shell\AutoRun\command E:\ie.exe
Shell\explore\Command E:\ie.exe
Shell\open\Command E:\ie.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ad1b6a9-ff4f-11db-9c5e-0017317838d5}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ad1b6aa-ff4f-11db-9c5e-0017317838d5}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e


-- End of Deckard's System Scanner: finished at 2007-05-12 at 10:57:26 ---------


#10 Susan528 (SuperMember, Authentic Member, 3,194 posts)

Posted 11 May 2007 - 08:57 PM

I will have to study this. We got a few of the registry entries but not all.

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#11 Susan528 (SuperMember, Authentic Member, 3,194 posts)

Posted 12 May 2007 - 08:27 AM

STEP 1.
======
SDFix

http://downloads.and...Tools/SDFix.exe
Also download SDFix.exe and save it to the Desktop.

====
Start the computer in Safe Mode :
-When the machine first starts again, tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
-Select the option for Safe Mode using the arrow keys.
-Press Enter to boot into Safe Mode.

====
Open the SDFix folder on the Desktop, and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
The process removes any Trojan Services or Registry Entries found, and then prompts you to press any key to Reboot.

Press any key to restart the PC.
When the PC restarts, SDFix will run again and complete the removal process.
It then displays Finished.
Press any key to end the script and load the Desktop icons.

Once the Desktop icons load, the SDFix report opens on screen and saves itself in the SDFix folder as Report.txt.

STEP 2.
======
I need you to search for a file named autorun.inf
I have a few autorun.inf files myself located in different places, so you may have more than one. But I am very interested in the contents of the files. I am looking for lines like
shellexecute=wscript.exe FS6519.dll.vbs
and maybe the others like Document.exe, etc.

The easiest way is to use the search facility; the search results window then shows the Name and the Location. If you just left-click (maybe twice) the file name under Name, it opens in Notepad and you see the contents.
Please copy and paste the contents, along with the file location, into your reply so I can view them, and then close the file.

For example – I have a file C:\Intel\wireless_7.1.4.6_generic_125315\autorun.inf

The contents are:

[autorun]
ICON=AUTORUN.EXE
OPEN=AUTORUN.EXE


Please post (reply) with the Report.txt and information about the autorun.inf files.
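The check the helper describes in STEP 2 (read each autorun.inf and look for an open= or shellexecute= line that hands off to wscript.exe and a .vbs file) can be automated for triage. The script below is an added example written for this thread; it is not part of SDFix, Deckard's System Scanner or any other tool named here. It parses the [autorun] section of an autorun.inf, flags the launch keys using a few heuristics that are this example's own assumptions (script hosts, script extensions, ShellExec_RunDLL laundering, and the file names visible in the MountPoints2 dump posted earlier), and applies the same classifier to MountPoints2 lines in the DSS format so the two can be compared. The first two sample files are the benign ones quoted in the thread (the Intel and Nero examples); the third sample and the constant names are constructed.

```python
"""Triage autorun.inf contents and MountPoints2 autorun commands.

Added example for this thread, not code from SDFix, DSS or any tool named
here.  Heuristics and sample data are this example's assumptions.
"""
import re

# Heuristic indicators (assumptions for this example).
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "rundll32.exe", "cmd.exe")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".bat", ".cmd")
# File names taken from the MountPoints2 dump posted earlier in the thread.
KNOWN_BAD = ("fs6519.dll.vbs", "ravmone.exe", "infrom.exe", "new document.exe", "ie.exe")


def classify_command(cmd):
    """Return the reasons an autorun command looks suspicious ([] if none)."""
    low = cmd.strip().lower()
    reasons = []
    if not low:                       # an empty "open=" launches nothing
        return reasons
    tokens = low.split()
    basenames = [t.rsplit("\\", 1)[-1] for t in tokens]
    if any(b in SCRIPT_HOSTS for b in basenames):
        reasons.append("runs through a script host or loader")
    if any(t.endswith(SCRIPT_EXTS) for t in tokens):
        reasons.append("target is a script, not a program")
    if "shellexec_rundll" in low:
        reasons.append("uses ShellExec_RunDLL to hide the real target")
    # Word-boundary match so "ie.exe" does not fire on e.g. "movie.exe".
    hits = [b for b in KNOWN_BAD if re.search(r"(?<![a-z0-9])" + re.escape(b), low)]
    if hits:
        reasons.append("names a file from the infected MountPoints2 dump: " + ", ".join(hits))
    return reasons


def parse_autorun(text):
    """Return the key=value pairs of the [autorun] section, keys lower-cased."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def triage_autorun(text):
    """Classify one autorun.inf as 'clean' or 'suspicious', with the reasons."""
    findings = []
    for key, value in parse_autorun(text).items():
        # Only the keys that make Windows launch something matter here.
        if key in ("open", "shellexecute") or key.startswith("shell\\"):
            for reason in classify_command(value):
                findings.append(f"{key}={value}: {reason}")
    return {"verdict": "suspicious" if findings else "clean", "findings": findings}


# DSS prints "[HKCU\...\MountPoints2\{guid}]" followed by "Shell\...\command <cmd>".
MP_HEADER = re.compile(r"^\[HKCU\\.*\\MountPoints2\\(\{[0-9a-f-]+\})\]$", re.I)
MP_ENTRY = re.compile(r"^(Shell\\\S+)\s+(.+)$", re.I)


def triage_mountpoints(dump):
    """Return (guid, subkey, command, reasons) for each suspicious MountPoints2 command."""
    hits, guid = [], None
    for line in dump.splitlines():
        line = line.strip()
        m = MP_HEADER.match(line)
        if m:
            guid = m.group(1)
            continue
        m = MP_ENTRY.match(line)
        if m and guid:
            subkey, cmd = m.groups()
            reasons = classify_command(cmd)
            if reasons:
                hits.append((guid, subkey, cmd, reasons))
    return hits


# Samples: the first two are the benign files quoted in the thread, the third
# is constructed around the shellexecute line the helper asked about.
INTEL_AUTORUN = "[autorun]\nICON=AUTORUN.EXE\nOPEN=AUTORUN.EXE\n"
NERO_AUTORUN = "[AutoRun]\nopen=discinfo.exe\n"
WORM_AUTORUN = "[autorun]\nopen=\nshellexecute=wscript.exe FS6519.dll.vbs\nshell\\open\\Command=wscript.exe FS6519.dll.vbs\n"
DSS_MOUNTPOINTS = r"""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e734404-f51e-11db-9c52-0017317838d5}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ad1b6a9-ff4f-11db-9c5e-0017317838d5}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
"""

if __name__ == "__main__":
    for name, text in (("Intel", INTEL_AUTORUN), ("Nero", NERO_AUTORUN), ("USB stick", WORM_AUTORUN)):
        print(name, triage_autorun(text))
    for guid, subkey, cmd, reasons in triage_mountpoints(DSS_MOUNTPOINTS):
        print(guid, subkey, cmd, "->", "; ".join(reasons))
```

The MountPoints2 entries are worth checking alongside the files because Explorer caches each removable drive's autorun command there; a USB stick that has since been cleaned still leaves its old command under its volume GUID, which is why the dump above shows wscript.exe and RavMonE.exe launches even when no matching autorun.inf is found on the fixed disk.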

#12 Hurricane Andrew (Authentic Member, 25 posts)

Posted 17 May 2007 - 12:15 AM

Here is the SDFix Log


SDFix: Version 1.84

Run by Contol - Thu 05/17/2007 - 14:00:08.56

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Contol\Desktop\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found...




Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Caffe\\Server.exe"="C:\\Program Files\\Caffe\\Server.exe:*:Enabled:Server"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------


Checking For Files with Hidden Attributes:

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Contol\Local Settings\Application Data\Microsoft\Media Player\MTVN\Downloads366F8C0\BIT225.tmp

Finished


AUTORUN.INF at
C:\Program Files\Nero\Nero 7\Core\SecurDisc containing the following
[AutoRun]
open=discinfo.exe

#13 Susan528 (SuperMember, Authentic Member, 3,194 posts)

Posted 18 May 2007 - 12:35 PM

Hi Hurricane Andrew,

Please do the following:

STEP 1.
======
Flash Disinfector by sUBs
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:
  • Double-click Flash_Disinfector.exe to run it.
  • Follow any prompts that may appear.
  • Wait until the program has finished scanning, then please exit the program.
    The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.
Please restart your computer

If you still have Deckard’s System Scanner present on your computer, please do the following:
  • Close all applications and windows.
  • Go to Start => Run => copy the following bold text into the box and click OK
    "%userprofile%\desktop\dss.exe" /config
    A pop-up box will appear; please make sure the Main Log and Hijack This, File Dump, Registry Dump are checked, then click the Scan button.
  • When the scan is complete, you will see the main.txt <- this one will be maximized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your reply.


#14 Susan528 (SuperMember, Authentic Member, 3,194 posts)

Posted 05 June 2007 - 11:00 PM

Because no reply was made, this topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.


Also follow the recommendations in Tony Klein's article
So how did I get infected in the first place?
