Winflyer. . .and computer freezing. . .

I'd really appreciate any assistance with resolving my issue.

Below is my HijackThis log.

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 11:52:27 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\oobe\SERVICES.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\Navid\Desktop\hd\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Data Collector Toolbar - {ACBD7024-CF3C-495F-9840-244CD16A5826} - C:\WINDOWS\system32\svchost.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P54 "Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi" /O26 "\\IBM-4CK1TH1RQMI\EPSONSty" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P67 "EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)" /O17 "dlink-fccbe5_9100" /M "Stylus Photo R300"
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161020853843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161020848656
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3469D179-8861-441E-8AC3-D5319E16984F}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Comments

  • edited May 2008
    anyone?:(
  • edited May 2008
    still nobody? :sad2:
  • edited May 2008
    Hello coolio_4000,

    You've got a malware toolbar installed there, and likely more not yet seen in this view. Let's get a more detailed look and then start some repairs.


    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


    Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

    Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, under Main Log, uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Options, place a check next to the following:

    Backup Registry Hives

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)

    You can use extra posts here if needed for that.
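
An added example (not part of the original thread, and not HijackThis or DSS code): a small Python triage pass over lines copied from the log posted above, showing the kind of signals a reviewer looks for in such a log. The heuristic names, the `CORE_PROCESSES` table and the function names are assumptions of this illustration; a flag marks an entry for closer inspection only.

```python
import re
from collections import namedtuple

# Excerpt of lines copied from the HijackThis log in this thread (sample input).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\oobe\SERVICES.EXE
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Data Collector Toolbar - {ACBD7024-CF3C-495F-9840-244CD16A5826} - C:\WINDOWS\system32\svchost.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Expected on-disk location of core Windows XP processes (lower-cased).
# A file that reuses one of these names elsewhere, or with another
# extension, is worth a closer look. Assumption: system drive is C:.
CORE_PROCESSES = {
    "smss": r"c:\windows\system32\smss.exe",
    "csrss": r"c:\windows\system32\csrss.exe",
    "winlogon": r"c:\windows\system32\winlogon.exe",
    "services": r"c:\windows\system32\services.exe",
    "lsass": r"c:\windows\system32\lsass.exe",
    "svchost": r"c:\windows\system32\svchost.exe",
    "spoolsv": r"c:\windows\system32\spoolsv.exe",
    "explorer": r"c:\windows\explorer.exe",
}

# "O2 - ...", "R1 - ...": HijackThis section code followed by the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - ")
# First drive-letter path on the line that ends in .exe or .dll.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\n]*?\.(?:exe|dll)\b', re.IGNORECASE)

Finding = namedtuple("Finding", "section path reasons")


def reasons_for(line, path):
    """Return the list of heuristic flags that apply to one log line."""
    reasons = []
    # Registry entry still present although its target file is gone.
    if "(no file)" in line or "(file missing)" in line:
        reasons.append("orphaned")
    if path:
        low = path.lower()
        # Browser add-ons or autoruns loading from a Temp directory.
        if "\\temp\\" in low:
            reasons.append("temp-path")
        # Core process name used in the wrong place or with the wrong extension.
        stem = low.rsplit("\\", 1)[-1].rpartition(".")[0]
        expected = CORE_PROCESSES.get(stem)
        if expected and low != expected:
            reasons.append("core-name-mimic")
    return reasons


def triage(log_text):
    """Parse a HijackThis log and return the flagged lines as Finding tuples."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            section, in_processes = entry.group("code"), False
        elif in_processes:
            section = "process"
        else:
            continue  # header or other text, nothing to check
        match = PATH_RE.search(line)
        path = match.group(0) if match else None
        reasons = reasons_for(line, path)
        if reasons:
            findings.append(Finding(section, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:8} {', '.join(f.reasons):28} {f.path or '(no path)'}")
```
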
  • edited May 2008
    Since this is not your first request here, just an FYI - when you add posts in your thread like you did, it gives the appearance you have received a response.
  • edited May 2008
    Deckard's System Scanner v20071014.68
    Run by Navid on 2008-05-06 19:48:37
    Computer is in Normal Mode.

    Backed up registry hives.



    -- HijackThis (run as Navid.exe)

    Logfile of HijackThis v1.99.1
    Scan saved at 7:49:28 PM, on 5/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\oobe\SERVICES.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\vVX6000.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
    C:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\DAP\DAP.EXE
    C:\Documents and Settings\Navid\desktop\dss.exe
    C:\DOCUME~1\Navid\Desktop\hd\Navid.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Data Collector Toolbar - {ACBD7024-CF3C-495F-9840-244CD16A5826} - C:\WINDOWS\system32\svchost.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P54 "Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi" /O26 "\\IBM-4CK1TH1RQMI\EPSONSty" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P67 "EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)" /O17 "dlink-fccbe5_9100" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jc_all.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jc_link.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161020853843
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161020848656
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3469D179-8861-441E-8AC3-D5319E16984F}: NameServer = 68.94.156.1,68.94.157.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    -- HijackThis Fixed Entries (C:\DOCUME~1\Navid\Desktop\hd\backups\)

    backup-20060530-135205-391 O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
    backup-20060908-174157-621 O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
    backup-20070614-154048-245 O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp387.tmp.dll (file missing)
    backup-20070614-154048-465 O2 - BHO: (no name) - {9ff714ae-3a67-44d1-9325-45db84feabdf} - C:\WINDOWS\system32\icmapi.dll (file missing)
    backup-20070614-154048-548 O2 - BHO: (no name) - {6E51F22A-1EAF-9792-2636-3B9DB5E359B6} - C:\DOCUME~1\Navid\APPLIC~1\16PROG~1\cool user.exe (file missing)
    backup-20080329-205801-180 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    backup-20080329-205801-191 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
    backup-20080329-205801-366 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20080329-205801-596 O16 - DPF: {68459DB3-59C9-449D-815B-65F729385C16} (VoiceSecure Control) - http://www.voice4web.com/vs.cab
    backup-20080329-205801-805 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
    backup-20080329-205801-970 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com

    -- File Associations

    .reg - regfile - shell\open\command - regedit.exe"%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys <Not Verified; JMicron; SCSI Port upper filter driver>
    R0 JRAID - c:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JR036X RAID Driver>

    S3 Motorola_NA USBLAN - c:\windows\system32\drivers\motblan.sys (file missing)
    S3 MotoSwitchService (MotoSwitch Service) - c:\windows\system32\drivers\motswch.sys <Not Verified; Motorola INC.; Motorola Switching Filter Driver>
    S3 MRVW245 (Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)) - c:\windows\system32\drivers\wn121txp.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>
    S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
    S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


    -- Device Manager: Disabled

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 6270
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6270
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Scheduled Tasks

    2008-04-29 22:32:00 284 --a C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-04-06 and 2008-05-06

    2008-05-05 23:49:53 0 d--h C:\$AVG8.VAULT$
    2008-05-05 23:45:14 0 d C:\WINDOWS\system32\drivers\Avg
    2008-05-05 23:45:07 0 d C:\Program Files\AVG
    2008-05-05 23:45:07 0 d C:\Documents and Settings\All Users\Application Data\avg8
    2008-04-28 23:13:48 1571427 --a C:\WINDOWS\system32\wupdate.dll
    2008-04-28 23:13:48 0 d C:\WINDOWS\system32\3044
    2008-04-28 23:13:47 152576 --a C:\WINDOWS\system32\svchost.dll <Not Verified; ; FlashPlayer>
    2008-04-27 13:17:07 0 d C:\Documents and Settings\Navid\.SunDownloadManager
    2008-04-26 22:57:36 0 d C:\Documents and Settings\Navid\Application Data\skypePM
    2008-04-26 22:57:36 32 --a C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-04-26 22:56:23 0 d C:\Documents and Settings\Navid\Application Data\Skype
    2008-04-26 22:56:11 0 d C:\Program Files\Skype
    2008-04-26 22:56:11 0 d C:\Program Files\Common Files\Skype
    2008-04-26 22:56:01 0 d C:\Documents and Settings\All Users\Application Data\Skype
    2008-04-21 01:43:14 0 d C:\Program Files\Common Files\xing shared
    2008-04-17 19:47:17 0 d C:\epson
    2008-04-12 21:05:14 0 d C:\Program Files\EPSON
    2008-04-08 01:12:20 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-08 01:12:15 0 d C:\Program Files\Windows Live
    2008-04-08 01:12:04 0 d C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-06 02:31:07 0 d C:\Program Files\Common Files\DirectX


    -- Find3M Report

    2008-05-06 19:48:06 0 d C:\Documents and Settings\Navid\Application Data\DNA
    2008-05-06 19:28:47 0 d C:\Program Files\Symantec AntiVirus
    2008-05-05 23:36:03 0 d C:\Program Files\Common Files\Adobe
    2008-04-26 22:56:11 0 d C:\Program Files\Common Files
    2008-04-21 01:43:09 0 d C:\Program Files\Common Files\Real
    2008-04-18 15:48:11 0 d C:\Documents and Settings\Navid\Application Data\Real
    2008-04-08 00:48:11 0 d C:\Program Files\Project64 1.6
    2008-04-04 23:48:22 0 d C:\Documents and Settings\Navid\Application Data\BitTorrent
    2008-04-04 23:01:54 0 d C:\Program Files\Sunbelt Software
    2008-04-04 22:45:44 0 d C:\Program Files\DAP
    2008-04-04 22:43:50 50688 --a C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
    2008-04-03 21:54:03 0 d C:\Documents and Settings\Navid\Application Data\Hamachi
    2008-03-31 00:40:45 0 d C:\Documents and Settings\Navid\Application Data\Malwarebytes
    2008-03-31 00:40:37 0 d C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-29 21:45:23 39 --ah C:\WINDOWS\smth
    2008-03-29 21:44:05 0 d C:\Program Files\VITO Technology
    2008-03-29 20:51:42 0 d--h C:\Program Files\WindowsUpdate
    2008-03-28 11:40:40 0 d C:\Program Files\Common Files\Totem Shared
    2008-03-27 22:12:11 0 d C:\Program Files\CCleaner
    2008-03-26 14:34:59 0 d C:\Program Files\TomTom HOME
    2008-03-26 14:31:03 0 d C:\Documents and Settings\Navid\Application Data\TomTom
    2008-03-26 14:30:49 0 d C:\Program Files\TomTom HOME 2
    2008-03-26 14:24:47 0 d--h C:\Program Files\InstallShield Installation Information
    2008-03-26 13:47:58 0 d C:\Program Files\TomTom DesktopSuite
    2008-03-23 19:02:28 2550 --a C:\WINDOWS\unins000.dat
    2008-03-23 18:45:28 691545 --a C:\WINDOWS\unins000.exe
    2008-03-22 04:19:46 0 d C:\Program Files\Microsoft LifeCam
    2008-03-19 21:42:28 0 d C:\Documents and Settings\Navid\Application Data\Teleca
    2008-03-19 21:30:02 0 d C:\Documents and Settings\Navid\Application Data\VoipBuster
    2008-03-15 10:46:22 0 d C:\Documents and Settings\Navid\Application Data\Adobe
    2008-03-15 10:41:13 0 d C:\Program Files\BitTorrent
    2008-03-15 10:41:10 0 d C:\Program Files\DNA


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACBD7024-CF3C-495F-9840-244CD16A5826}]
    04/28/2008 11:13 PM 152576 --a
    C:\WINDOWS\system32\svchost.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" []
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [12/05/2007 02:41 AM]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [12/05/2007 02:41 AM]
    "RTHDCPL"="RTHDCPL.EXE" [01/29/2008 04:47 PM C:\WINDOWS\RTHDCPL.exe]
    "PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [05/28/2007 11:14 AM]
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [10/13/2006 05:01 PM]
    "VX6000"="C:\WINDOWS\vVX6000.exe" [10/13/2006 05:04 PM]
    "nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\system32\nwiz.exe]
    "EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "EPSON Stylus Photo R300 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/21/2008 01:42 AM]
    "EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/05/2008 11:45 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpySweeper"="D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [08/31/2004 09:49 AM]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [04/10/2008 07:17 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
    "Network Sub Spooler"=C:\WINDOWS\system32\oobe\SERVICES.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe -cnetwait.odl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
    C:\WINDOWS\system32\JMRaidTool.exe boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Inside Book]
    C:\DOCUME~1\Navid\APPLIC~1\FRAGSO~1\DVD DEAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
    "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    SkyTel.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    C:\PROGRA~1\SYMANT~1\VPTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
    C:\WINDOWS\vVX6000.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet




    -- Hosts

    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

    60 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-05-06 19:50:20

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
    CPU 1: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
    Percentage of Memory in Use: 33%
    Physical Memory (total/avail): 2047.48 MiB / 1370.58 MiB
    Pagefile Memory (total/avail): 3941.65 MiB / 3381.74 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1932.53 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 74.52 GiB total, 34.35 GiB free.
    D: is Fixed (NTFS) - 38.28 GiB total, 3.34 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE1 - - 38.28 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 38.28 GiB - D:

    \\.\PHYSICALDRIVE0 - WDC WD800JB-00JJC0 - 74.53 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    AntiVirusDisableNotify is set.

    AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
    AV: Symantec AntiVirus Corporate Edition v9.0.2.1000 (Symantec Corporation) Outdated

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:OTI@Home User Interface"
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:wmplayer"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"="C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe:*:Enabled:SDL"
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\\Program Files\\Warcraft III\\War3.exe"="C:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
    "C:\\Program Files\\CitizenLab\\psiphon\\psiphon.exe"="C:\\Program Files\\CitizenLab\\psiphon\\psiphon.exe:*:Enabled:psiphon"
    "C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
    "C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe:*:Enabled:Update Service"
    "C:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"="C:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe:*:Enabled:DXP SyncML Module"
    "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
    "C:\\Documents and Settings\\Navid\\My Documents\\gamer\\perfect dark emulator\\Mupen64K 0.7.9\\mupen64k-0-7-9.exe"="C:\\Documents and Settings\\Navid\\My Documents\\gamer\\perfect dark emulator\\Mupen64K 0.7.9\\mupen64k-0-7-9.exe:*:Enabled:mupen64k-0-7-9"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Navid\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=NAVID-8Z7M1KNHI
    ComSpec=C:\WINDOWS\system32\cmd.exe
    DEFAULT_CA_NR=CA8
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Navid
    LOGONSERVER=\\NAVID-8Z7M1KNHI
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\PC Connectivity Solution\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Intuwave\Shared\mRouterRuntime
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Navid\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Navid\LOCALS~1\Temp
    USERDOMAIN=NAVID-8Z7M1KNHI
    USERNAME=Navid
    USERPROFILE=C:\Documents and Settings\Navid
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles

    Navid (admin)
    Administrator (new local, admin)


    -- Add/Remove Programs

    --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\Setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    AIM Ad Hack --> "C:\Program Files\AIM\unins000.exe"
    AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
    Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
    Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
    AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
    BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
    Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EVGA Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\setup.exe" -l0x9 -removeonly
    Gigabyte Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x9 -removeonly
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
    Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Hamachi 1.0.2.2 --> C:\Program Files\Hamachi\uninstall.exe
    HijackThis 1.99.1 --> C:\Documents and Settings\Navid\Desktop\hd\HijackThis.exe /uninstall
    iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
    LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft LifeCam --> MsiExec.exe /X{8CFC7570-DD90-486E-A239-E31D455BDE93}
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mobile Video Converter Evaluation Edition V1.0.4 --> "C:\Program Files\Mobile Video Converter\unins000.exe"
    Motorola Driver Installation --> MsiExec.exe /I{D1C9C454-5602-4F25-9842-DCF49FEAC531}
    Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
    Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MP3 Splitter & Joiner 3.21 --> "C:\Program Files\MP3 Splitter & Joiner\unins000.exe"
    MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
    Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{3BFFC6B8-4EC0-4240-858C-998FD4077983}
    Nokia PC Suite --> MsiExec.exe /I{D89AC4DF-7A00-4D0B-BA99-D582C7974A09}
    Nokia Software Updater --> MsiExec.exe /X{1CF28795-FDB8-47BB-AFEA-63F85DFCD0C9}
    NVIDIA Drivers --> C:\WINDOWS\System32\nvuninst.exe UninstallGUI
    P900 ThemeEditor 1.60 --> "C:\Program Files\VITO Technology\P900 ThemeEditor\unins000.exe"
    PC Connectivity Solution --> MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
    Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
    psiphon --> MsiExec.exe /X{A57A98F0-51DE-4528-ACD6-BB8C7573ECCB}
    QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
    RadioComm v11.0.3 --> MsiExec.exe /X{99358B32-829A-479B-A30C-5C0A192763DB}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    RM Converter 4.12 --> "C:\Program Files\RM Converter\unins000.exe"
    Rm To AVI VCD SVCD DVD MPEG Converter Pro 2.6 --> "C:\Program Files\Rm To AVI VCD SVCD DVD MPEG Converter\unins000.exe"
    RSD_LITE_3_6 --> MsiExec.exe /X{6E8D3944-E463-46D3-B52D-B6EB39D70752}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Sony Ericsson PC Suite for Smartphones --> C:\WINDOWS\Installer\{E1252473-6306-4d5d-904D-B06AA7F38161}\setup.exe /uninstall
    Sony Ericsson PC Suite for Smartphones --> MsiExec.exe /I{1E76BE75-F256-4BA4-A9A3-F433AD3D2D00}
    Sony Ericsson Symbian 9 Drivers --> C:\Program Files\Sony Ericsson\Sony Ericsson Symbian 9 Drivers\ZEBRUninstall.exe
    Sony Ericsson Video Converter 1.0 --> "C:\Program Files\Sony Ericsson Video Converter\unins000.exe"
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
    SUPER © Version 2007.bld.21 (Jan 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
    Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
    System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
    TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
    TomTom HOME --> C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
    TomTom HOME --> C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
    Total Video Converter 3.02 --> "C:\Program Files\Total Video Converter\unins000.exe"
    Total Video Player 1.03 --> "C:\Program Files\Total Video Player\unins000.exe"
    Update Service --> C:\Program Files\Sony Ericsson\Update Service\uninst.exe
    Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
    WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
    Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
    Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinFlyer --> "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,UnInstall
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


    -- Application Event Log

    Event Record #/Type18844 / Error
    Event Submitted/Written: 05/06/2008 07:49:34 PM
    Event ID/Source: 11 / crypt32
    Event Description:
    Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Event Record #/Type18843 / Error
    Event Submitted/Written: 05/06/2008 07:49:34 PM
    Event ID/Source: 11 / crypt32
    Event Description:
    Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Event Record #/Type18702 / Error
    Event Submitted/Written: 05/03/2008 09:55:45 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application firefox.exe, version 1.8.20080.40413, faulting module quicktime.qts, version 7.1.3.100, fault address 0x0006f424.
    Processing media-specific event for [firefox.exe!ws!]

    Event Record #/Type18690 / Error
    Event Submitted/Written: 05/03/2008 09:42:41 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application firefox.exe, version 1.8.20080.40413, faulting module quicktime.qts, version 7.1.3.100, fault address 0x0006f424.
    Processing media-specific event for [firefox.exe!ws!]

    Event Record #/Type18684 / Success
    Event Submitted/Written: 05/03/2008 09:27:57 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type27713 / Error
    Event Submitted/Written: 05/06/2008 07:28:33 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Parallel port driver service failed to start due to the following error:
    %%1058

    Event Record #/Type27690 / Error
    Event Submitted/Written: 05/06/2008 01:35:56 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Parallel port driver service failed to start due to the following error:
    %%1058

    Event Record #/Type27659 / Error
    Event Submitted/Written: 05/05/2008 11:20:12 PM
    Event ID/Source: 7031 / Service Control Manager
    Event Description:
    The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Event Record #/Type27637 / Error
    Event Submitted/Written: 05/05/2008 09:46:13 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Parallel port driver service failed to start due to the following error:
    %%1058

    Event Record #/Type27615 / Error
    Event Submitted/Written: 05/05/2008 04:41:31 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Parallel port driver service failed to start due to the following error:
    %%1058



    -- End of Deckard's System Scanner: finished at 2008-05-06 19:50:20
  • edited May 2008
    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.

    Download SDFix.exe and save it to your desktop.

    Then disconnect from net access. If cable/dsl physically disconnect the modem cable, if dial-up disconnect the phone line. This will keep infection from reinstalling right now.

    ===================================================


    Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


    In Safe Mode, click the SDFix.exe and allow it to extract to its own folder (C:\SDFix). Navigate to that folder and double click RunThis.bat to start the script.

    Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer than normal to restart as the fixtool will be running and removing files.

    When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

    Then open the C:\SDFix folder and copy and paste the contents of the results file Report.txt back here.

    =============================

    After the reboot open the Malwarebytes software you already have installed.

    Select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

    ============================

    Then still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Extra Log, uncheck all the boxes except this one:

    Security Center

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

    Post that along with the Malwarebytes log and the SDFix report.txt log please.
  • edited May 2008
    thank you!


    SDFix: Version 1.180
    Run by Administrator on Tue 05/06/2008 at 11:14 PM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\svchost.dll - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-06 23:23:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1F7B8BF3-E26D-9328-D399-435BF694A98D}]
    "abociampekoeccjkijnkkbogkcnlgfncgb"=hex:61,62,61,69,6d,6c,68,6a,6d,66,65,69,68,6d,6c,6e,70,70,66,61,70,..
    "bbociampekoeccjkijemfgphcpmddhjbdgal"=hex:61,62,6e,62,69,61,63,63,66,63,6c,64,62,69,62,64,6f,69,6b,6c,62,..

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:OTI@Home User Interface"
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:wmplayer"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"="C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe:*:Enabled:SDL"
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\\Program Files\\Warcraft III\\War3.exe"="C:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
    "C:\\Program Files\\CitizenLab\\psiphon\\psiphon.exe"="C:\\Program Files\\CitizenLab\\psiphon\\psiphon.exe:*:Enabled:psiphon"
    "C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
    "C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe:*:Enabled:Update Service"
    "C:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"="C:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe:*:Enabled:DXP SyncML Module"
    "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
    "C:\\Documents and Settings\\Navid\\My Documents\\gamer\\perfect dark emulator\\Mupen64K 0.7.9\\mupen64k-0-7-9.exe"="C:\\Documents and Settings\\Navid\\My Documents\\gamer\\perfect dark emulator\\Mupen64K 0.7.9\\mupen64k-0-7-9.exe:*:Enabled:mupen64k-0-7-9"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Fri 30 Aug 2002 1,086,182 A..HR --- "C:\WINDOWS\SETDC.tmp"
    Fri 30 Aug 2002 13,608 A..HR --- "C:\WINDOWS\SETEB.tmp"
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
    Sun 18 Mar 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
    Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
    Wed 31 Jan 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
    Fri 30 Aug 2002 1,700,352 A..HR --- "C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll"
    Fri 30 Aug 2002 74,802 A..HR --- "C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll"
    Fri 30 Aug 2002 995,383 A..HR --- "C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll"
    Fri 30 Aug 2002 995,384 A..HR --- "C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll"
    Fri 30 Aug 2002 401,462 A..HR --- "C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll"
    Fri 30 Aug 2002 921,088 A..HR --- "C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll"
    Fri 30 Aug 2002 50,688 A..HR --- "C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll"
    Fri 30 Aug 2002 322,560 A..HR --- "C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll"
    Fri 30 Aug 2002 50,688 A..HR --- "C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcirt.dll"
    Fri 30 Aug 2002 323,072 A..HR --- "C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll"
    Fri 30 Aug 2002 1,703,936 A..HR --- "C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll"
    Fri 30 Aug 2002 921,600 A..HR --- "C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll"
    Wed 6 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Fri 28 Jul 2006 337,320 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
    Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
    Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
    Mon 9 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
    Mon 9 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
    Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
    Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
    Mon 9 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
    Mon 9 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
    Mon 9 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
    Mon 9 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
    Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
    Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
    Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
    Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
    Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
    Mon 9 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
    Mon 9 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
    Mon 9 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
    Mon 9 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
    Mon 9 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
    Mon 9 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
    Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
    Tue 8 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT3.tmp"
    Tue 6 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT3.tmp"
    Thu 7 Jun 2001 339,968 A..H. --- "C:\Documents and Settings\Navid\My Documents\Gamer\perfect dark emulator\Mupen64K 0.7.9\MSVCR70.dll"
    Wed 4 Aug 2004 299,520 A..H. --- "C:\Documents and Settings\Navid\My Documents\My Pictures\My Pictures\test folder\Temp\setb0.tmp"
    Wed 4 Aug 2004 230,400 A..H. --- "C:\Documents and Settings\Navid\My Documents\My Pictures\My Pictures\test folder\Temp\setb1.tmp"
    Wed 4 Aug 2004 2,105,344 A..H. --- "C:\Documents and Settings\Navid\My Documents\My Pictures\My Pictures\test folder\Temp\setb3.tmp"
    Wed 4 Aug 2004 102,400 A..H. --- "C:\Documents and Settings\Navid\My Documents\My Pictures\My Pictures\test folder\Temp\setb4.tmp"
    Wed 4 Aug 2004 299,520 A..H. --- "C:\Documents and Settings\Navid\Desktop\DC++ unfinished files\New Folder (2)\My Pictures\test folder\Temp\setb0.tmp"
    Wed 4 Aug 2004 230,400 A..H. --- "C:\Documents and Settings\Navid\Desktop\DC++ unfinished files\New Folder (2)\My Pictures\test folder\Temp\setb1.tmp"
    Wed 4 Aug 2004 2,105,344 A..H. --- "C:\Documents and Settings\Navid\Desktop\DC++ unfinished files\New Folder (2)\My Pictures\test folder\Temp\setb3.tmp"
    Wed 4 Aug 2004 102,400 A..H. --- "C:\Documents and Settings\Navid\Desktop\DC++ unfinished files\New Folder (2)\My Pictures\test folder\Temp\setb4.tmp"

    Finished!





    Malwarebytes' Anti-Malware 1.09
    Database version: 572

    Scan type: Quick Scan
    Objects scanned: 35664
    Time elapsed: 7 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)











    Deckard's System Scanner v20071014.68
    Run by Navid on 2008-05-06 23:47:21
    Computer is in Normal Mode.



    -- HijackThis (run as Navid.exe)

    Logfile of HijackThis v1.99.1
    Scan saved at 11:47:27 PM, on 5/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\vVX6000.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Navid\desktop\dss.exe
    C:\DOCUME~1\Navid\Desktop\hd\Navid.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Data Collector Toolbar - {ACBD7024-CF3C-495F-9840-244CD16A5826} - C:\WINDOWS\system32\svchost.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P54 "Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi" /O26 "\\IBM-4CK1TH1RQMI\EPSONSty" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P67 "EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)" /O17 "dlink-fccbe5_9100" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jc_all.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jc_link.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161020853843
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161020848656
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3469D179-8861-441E-8AC3-D5319E16984F}: NameServer = 68.94.156.1,68.94.157.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    -- HijackThis Fixed Entries (C:\DOCUME~1\Navid\Desktop\hd\backups\)

    backup-20060530-135205-391 O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
    backup-20060908-174157-621 O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
    backup-20070614-154048-245 O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp387.tmp.dll (file missing)
    backup-20070614-154048-465 O2 - BHO: (no name) - {9ff714ae-3a67-44d1-9325-45db84feabdf} - C:\WINDOWS\system32\icmapi.dll (file missing)
    backup-20070614-154048-548 O2 - BHO: (no name) - {6E51F22A-1EAF-9792-2636-3B9DB5E359B6} - C:\DOCUME~1\Navid\APPLIC~1\16PROG~1\cool user.exe (file missing)
    backup-20080329-205801-180 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    backup-20080329-205801-191 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
    backup-20080329-205801-366 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20080329-205801-596 O16 - DPF: {68459DB3-59C9-449D-815B-65F729385C16} (VoiceSecure Control) - http://www.voice4web.com/vs.cab
    backup-20080329-205801-805 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
    backup-20080329-205801-970 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com

    -- File Associations

    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys <Not Verified; JMicron; SCSI Port upper filter driver>
    R0 JRAID - c:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JR036X RAID Driver>
    R3 catchme - c:\docume~1\navid\locals~1\temp\catchme.sys (file missing)

    S3 Motorola_NA USBLAN - c:\windows\system32\drivers\motblan.sys (file missing)
    S3 MotoSwitchService (MotoSwitch Service) - c:\windows\system32\drivers\motswch.sys <Not Verified; Motorola INC.; Motorola Switching Filter Driver>
    S3 MRVW245 (Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)) - c:\windows\system32\drivers\wn121txp.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>
    S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
    S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


    -- Device Manager: Disabled

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 6270
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6270
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Scheduled Tasks

    2008-05-06 22:32:00 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-04-06 and 2008-05-06

    2008-05-06 23:07:07 0 d
    C:\WINDOWS\ERUNT
    2008-05-05 23:49:53 0 d--h
    C:\$AVG8.VAULT$
    2008-05-05 23:45:14 0 d
    C:\WINDOWS\system32\drivers\Avg
    2008-05-05 23:45:07 0 d
    C:\Program Files\AVG
    2008-05-05 23:45:07 0 d
    C:\Documents and Settings\All Users\Application Data\avg8
    2008-04-28 23:13:48 1707299 --a
    C:\WINDOWS\system32\wupdate.dll
    2008-04-28 23:13:48 0 d
    C:\WINDOWS\system32\3044
    2008-04-27 13:17:07 0 d
    C:\Documents and Settings\Navid\.SunDownloadManager
    2008-04-26 22:57:36 0 d
    C:\Documents and Settings\Navid\Application Data\skypePM
    2008-04-26 22:57:36 32 --a
    C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-04-26 22:56:23 0 d
    C:\Documents and Settings\Navid\Application Data\Skype
    2008-04-26 22:56:11 0 d
    C:\Program Files\Skype
    2008-04-26 22:56:11 0 d
    C:\Program Files\Common Files\Skype
    2008-04-26 22:56:01 0 d
    C:\Documents and Settings\All Users\Application Data\Skype
    2008-04-21 01:43:14 0 d
    C:\Program Files\Common Files\xing shared
    2008-04-17 19:47:17 0 d
    C:\epson
    2008-04-12 21:05:14 0 d
    C:\Program Files\EPSON
    2008-04-08 01:12:20 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-08 01:12:15 0 d
    C:\Program Files\Windows Live
    2008-04-08 01:12:04 0 d
    C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-06 02:31:07 0 d
    C:\Program Files\Common Files\DirectX


    -- Find3M Report

    2008-05-06 23:41:58 0 d
    C:\Documents and Settings\Navid\Application Data\DNA
    2008-05-06 23:21:21 0 d
    C:\Program Files\Symantec AntiVirus
    2008-05-05 23:36:03 0 d
    C:\Program Files\Common Files\Adobe
    2008-04-26 22:56:11 0 d
    C:\Program Files\Common Files
    2008-04-21 01:43:09 0 d
    C:\Program Files\Common Files\Real
    2008-04-18 15:48:11 0 d
    C:\Documents and Settings\Navid\Application Data\Real
    2008-04-08 00:48:11 0 d
    C:\Program Files\Project64 1.6
    2008-04-04 23:48:22 0 d
    C:\Documents and Settings\Navid\Application Data\BitTorrent
    2008-04-04 23:01:54 0 d
    C:\Program Files\Sunbelt Software
    2008-04-04 22:45:44 0 d
    C:\Program Files\DAP
    2008-04-04 22:43:50 50688 --a
    C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
    2008-04-03 21:54:03 0 d
    C:\Documents and Settings\Navid\Application Data\Hamachi
    2008-03-31 00:40:45 0 d
    C:\Documents and Settings\Navid\Application Data\Malwarebytes
    2008-03-31 00:40:37 0 d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-29 21:45:23 39 --ah
    C:\WINDOWS\smth
    2008-03-29 21:44:05 0 d
    C:\Program Files\VITO Technology
    2008-03-29 20:51:42 0 d--h
    C:\Program Files\WindowsUpdate
    2008-03-28 11:40:40 0 d
    C:\Program Files\Common Files\Totem Shared
    2008-03-27 22:12:11 0 d
    C:\Program Files\CCleaner
    2008-03-26 14:34:59 0 d
    C:\Program Files\TomTom HOME
    2008-03-26 14:31:03 0 d
    C:\Documents and Settings\Navid\Application Data\TomTom
    2008-03-26 14:30:49 0 d
    C:\Program Files\TomTom HOME 2
    2008-03-26 14:24:47 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-03-26 13:47:58 0 d
    C:\Program Files\TomTom DesktopSuite
    2008-03-23 19:02:28 2550 --a
    C:\WINDOWS\unins000.dat
    2008-03-23 18:45:28 691545 --a
    C:\WINDOWS\unins000.exe
    2008-03-22 04:19:46 0 d
    C:\Program Files\Microsoft LifeCam
    2008-03-19 21:42:28 0 d
    C:\Documents and Settings\Navid\Application Data\Teleca
    2008-03-19 21:30:02 0 d
    C:\Documents and Settings\Navid\Application Data\VoipBuster
    2008-03-15 10:46:22 0 d
    C:\Documents and Settings\Navid\Application Data\Adobe
    2008-03-15 10:41:13 0 d
    C:\Program Files\BitTorrent
    2008-03-15 10:41:10 0 d
    C:\Program Files\DNA


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACBD7024-CF3C-495F-9840-244CD16A5826}]
    C:\WINDOWS\system32\svchost.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" []
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [12/05/2007 02:41 AM]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [12/05/2007 02:41 AM]
    "RTHDCPL"="RTHDCPL.EXE" [01/29/2008 04:47 PM C:\WINDOWS\RTHDCPL.exe]
    "PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [05/28/2007 11:14 AM]
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [10/13/2006 05:01 PM]
    "VX6000"="C:\WINDOWS\vVX6000.exe" [10/13/2006 05:04 PM]
    "nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\system32\nwiz.exe]
    "EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "EPSON Stylus Photo R300 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/21/2008 01:42 AM]
    "EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/05/2008 11:45 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpySweeper"="D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [08/31/2004 09:49 AM]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [04/10/2008 07:17 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe -cnetwait.odl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
    C:\WINDOWS\system32\JMRaidTool.exe boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Inside Book]
    C:\DOCUME~1\Navid\APPLIC~1\FRAGSO~1\DVD DEAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
    "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    SkyTel.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    C:\PROGRA~1\SYMANT~1\VPTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
    C:\WINDOWS\vVX6000.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet




    -- End of Deckard's System Scanner: finished at 2008-05-06 23:48:02
















    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    AntiVirusDisableNotify is set.

    AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
    AV: Symantec AntiVirus Corporate Edition v9.0.2.1000 (Symantec Corporation) Outdated

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:OTI@Home User Interface"
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:wmplayer"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"="C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe:*:Enabled:SDL"
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\\Program Files\\Warcraft III\\War3.exe"="C:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
    "C:\\Program Files\\CitizenLab\\psiphon\\psiphon.exe"="C:\\Program Files\\CitizenLab\\psiphon\\psiphon.exe:*:Enabled:psiphon"
    "C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
    "C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe:*:Enabled:Update Service"
    "C:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"="C:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe:*:Enabled:DXP SyncML Module"
    "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
    "C:\\Documents and Settings\\Navid\\My Documents\\gamer\\perfect dark emulator\\Mupen64K 0.7.9\\mupen64k-0-7-9.exe"="C:\\Documents and Settings\\Navid\\My Documents\\gamer\\perfect dark emulator\\Mupen64K 0.7.9\\mupen64k-0-7-9.exe:*:Enabled:mupen64k-0-7-9"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


    -- End of Deckard's System Scanner: finished at 2008-05-06 23:48:02
  • edited May 2008
    A bit more stealth-like malware there. SDFix got one tough part, and there is still a null-embedded key we will need to remove.


    Click here and download RegDelNull.zip. Unzip the file and when you have done this, read the Eula and then copy and paste RegDelNull.exe to your C folder (so it will then be C:\RegDelNull.exe).

    Go again to Start - Run, type cmd (and OK). At the prompt copy and paste the below commands (hit Enter after each line).

    cd\

    regdelnull hkcu -s


    (be sure to place a space after hkcu)

    Your registry will be scanned, and if any Null entries are found, the scan will stop and you will be asked to confirm deletion. For now, type n, hit Enter, and let the scan continue until it has finished.

    When it has finished, click on the icon in the top left-hand corner of the Command Prompt and choose Edit > Select All and then Edit > Copy. Right-click on your Desktop and create a text file. Open it and position your mouse inside the file, right-click again and choose Paste. Save the file and post the contents here please.
  • edited May 2008
    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Navid>cd\

    C:\>regdelnull hkcu -s

    RegDelNull v1.10 - Delete Registry keys with embedded Nulls
    Copyright (C) 2005-2006 Mark Russinovich
    Sysinternals - www.sysinternals.com

    Null-embedded key (Nulls are replaced by '*'):

    HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1F7B8B
    F3-E26D-9328-D399-435BF694A98D}*

    Delete? (y/n) n

    Scan complete.


    C:\>
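The capture above breaks the key path at the 80-column edge of the console window, so a search for the full GUID in a pasted log misses it. The following Python example is added here and is not part of the thread or of RegDelNull: it rejoins wrapped rows and reports each null-embedded key with the answer given and whether deletion was confirmed. The function names and the 80-column width are assumptions of the example.

```python
import re

CONSOLE_WIDTH = 80  # assumed cmd.exe window width; the capture above wraps at this column

# Sample copied from the capture posted above (copyright banner lines trimmed).
SAMPLE = r"""C:\>regdelnull hkcu -s

RegDelNull v1.10 - Delete Registry keys with embedded Nulls

Null-embedded key (Nulls are replaced by '*'):

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1F7B8B
F3-E26D-9328-D399-435BF694A98D}*

Delete? (y/n) n

Scan complete.

C:\>
"""

KEY_LINE = re.compile(r"^HK[A-Z_]+\\")                     # HKCU\..., HKLM\...
PROMPT = re.compile(r"^Delete\? \(y/n\)\s*([yn])?", re.I)  # prompt plus the typed answer


def unwrap(lines, width=CONSOLE_WIDTH):
    """Rejoin rows that the console split because they filled the window width."""
    joined, buf = [], ""
    for line in lines:
        row = line.strip()        # forum pastes are often indented
        buf += row
        if len(row) == width:     # a full row means the text continues on the next one
            continue
        joined.append(buf)
        buf = ""
    if buf:
        joined.append(buf)
    return joined


def parse_regdelnull(text):
    """Return (findings, scan_complete) from a pasted RegDelNull console capture."""
    findings, current, complete = [], None, False
    for line in unwrap(text.splitlines()):
        if KEY_LINE.match(line):
            # '*' marks each position where the real key name holds a NUL character
            current = {"key": line, "nulls": line.count("*"),
                       "answer": None, "deleted": False}
            findings.append(current)
            continue
        prompt = PROMPT.match(line)
        if prompt and current:
            current["answer"] = (prompt.group(1) or "").lower() or None
        elif line.startswith("Key successfully deleted") and current:
            current["deleted"] = True
        elif line.startswith("Scan complete"):
            complete = True
    return findings, complete


def pending(findings):
    """Keys that were reported but not confirmed as deleted."""
    return [f["key"] for f in findings if not f["deleted"]]


if __name__ == "__main__":
    found, done = parse_regdelnull(SAMPLE)
    for f in found:
        state = "deleted" if f["deleted"] else "still present"
        print(f"{f['key']}  answer={f['answer']}  {state}")
    print("scan complete:", done)
```
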
  • edited May 2008
    That located it, and now you can say Yes to removing it.

    Go again to Start - Run, type cmd (and OK). At the prompt copy and paste the below commands (hit Enter after each line).

    cd\

    regdelnull hkcu -s


    (be sure to place a space after hkcu)

    Your registry will be scanned, and if any Null entries are found, the scan will stop and you will be asked to confirm deletion. This time type "y" for yes, hit Enter and let the scan continue until it has finished.

    When it has finished, click on the icon in the top left-hand corner of the Command Prompt and choose Edit > Select All and then Edit > Copy. Right-click on your Desktop and create a text file. Open it and position your mouse inside the file, right-click again and choose Paste. Save the file and post the contents here please. Type exit to close the command window.


    Go to Start - Run, type firewall.cpl (and Enter). Click the Exceptions tab, and locate the Firefox entry. Uncheck that, and click OK.

    Then open Firefox and see if you have any troubles with net access using it. Browsers have their own methods of working through firewalls, so we are checking why your Firefox has that firewall exception. You can always recheck the exception if you have no access.


    Then go here and run the Kaspersky online scan, and post back the log it creates (it requires IE).

    To use the scan, accept the agreement and make sure you allow the ActiveX object to download and install (check the "yellow bar" at the top of IE if needed to allow this). Once the download has completed click Next, then Scan Settings, then make sure the "extended option" is checked (leave all others as they are) and click OK. Then click "My Computer" to begin the scan. Save the Report as a text file and post that back here.

    To save it as a text file, still with the page in Internet Explorer, go to the top of the page and select File - Save As... Then make sure in the "Save as type" drop down you change it to "Text File(*.txt)".


    Still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Extra Log, uncheck all the boxes except this one:

    Security Center

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

    Please post that, the RegDelNull results and the Kaspersky log.
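The Security Center section of the DSS extra log lists the same Windows Firewall exceptions that the Exceptions tab shows, one `path:scope:state:label` value per program. As an added example (not from the thread or from DSS), this Python parser reads those lines, locates a program such as firefox.exe, and flags enabled entries whose executable sits outside the usual install directories. The prefix list and function names are assumptions of the example; the sample lines are copied from the log earlier in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "profile path scope enabled label name_matches")

# Sample: a few lines copied from the Security Center log earlier in this thread.
SAMPLE = r'''
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Documents and Settings\\Navid\\My Documents\\gamer\\perfect dark emulator\\Mupen64K 0.7.9\\mupen64k-0-7-9.exe"="C:\\Documents and Settings\\Navid\\My Documents\\gamer\\perfect dark emulator\\Mupen64K 0.7.9\\mupen64k-0-7-9.exe:*:Enabled:mupen64k-0-7-9"
'''

SECTION = re.compile(r"^\[.*\\FirewallPolicy\\(\w+)\\AuthorizedApplications\\List\]$", re.I)
PAIR = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# The path itself contains a drive colon, so anchor on the ":scope:state:" part
# instead of splitting on the first colon.
DATA = re.compile(r"^(.+?):([^:]+):(enabled|disabled):(.*)$", re.I)

# Assumption of this example: locations where installed programs normally live.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\", "%windir%\\")


def unescape(value):
    """Undo the registry-export escaping (\\\\ becomes \\, \\" becomes ")."""
    return re.sub(r"\\(.)", r"\1", value)


def parse_exceptions(text):
    """Parse AuthorizedApplications\\List sections into Entry records."""
    entries, profile = [], None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            profile = section.group(1)      # DomainProfile or StandardProfile
            continue
        pair = PAIR.match(line)
        if not (pair and profile):
            continue
        name, data = unescape(pair.group(1)), unescape(pair.group(2))
        fields = DATA.match(data)
        if not fields:
            continue
        path, scope, state, label = fields.groups()
        entries.append(Entry(profile, path, scope, state.lower() == "enabled",
                             label.strip(), name.lower() == path.lower()))
    return entries


def find_program(entries, exe_name):
    """Entries whose executable file name is exe_name (case-insensitive)."""
    suffix = "\\" + exe_name.lower()
    return [e for e in entries if e.path.lower().endswith(suffix)]


def triage(entries):
    """Enabled exceptions worth a second look, with the reasons."""
    flagged = []
    for e in entries:
        if not e.enabled:
            continue
        reasons = []
        if not e.path.lower().startswith(TRUSTED_PREFIXES):
            reasons.append("outside-install-dirs")
        if not e.name_matches:
            reasons.append("name-data-mismatch")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    parsed = parse_exceptions(SAMPLE)
    for e in find_program(parsed, "firefox.exe"):
        print(f"{e.profile}: {e.path} scope={e.scope} enabled={e.enabled}")
    for e, reasons in triage(parsed):
        print(f"review {e.path} ({', '.join(reasons)})")
```
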
  • edited May 2008
    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Navid>cd\

    C:\>regdelnull hkcu -s

    RegDelNull v1.10 - Delete Registry keys with embedded Nulls
    Copyright (C) 2005-2006 Mark Russinovich
    Sysinternals - www.sysinternals.com
    Null-embedded key (Nulls are replaced by '*'):

    HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1F7B8B
    F3-E26D-9328-D399-435BF694A98D}*

    Delete? (y/n) y
    Key successfully deleted.

    Scan complete.


    C:\>






    Kaspersky Online Scanner
    Welcome to the Kaspersky Online Scanner! Use it to
    scan your PC for viruses and other malware for free
    Warning: if you have installed Kaspersky Online Scanner Pro, please
    manually uninstall it using "Add/Remove Programs" before installing this
    version! Otherwise this version will not function correctly.

    Benefits:


    Kaspersky Anti-Virus exceptional detection rates and thorough scanning
    Hourly AV database updates available each time the Online Scanner is
    launched
    Heuristic analysis to detect unknown viruses
    Simple installation (just click on a link)

    Requirements and limitations:


    When using this service for the first time, you have to run with
    Administrator privileges in order to install the product. Also, you will
    need to download and install files about 400 KB in size followed by 9 MB
    of virus definitions.
    However, if you use the Online Scanner again, you will only need to
    download the files that have been updated since your last scan.
    The Online Scanner service offered by Kaspersky Lab uses Microsoft ActiveX
    technology. Microsoft ActiveX Technology and the Kaspersky Online Scanner
    work only with MS Internet Explorer 6.0 or higher.
    We cannot guarantee that the Online Scanner will function correctly if you
    are using any other browser or any Internet Explorer extensions (such as
    AvantBrowser). If you use a different browser, you can use the Kaspersky
    File Scanner to scan individual files.
    The free Kaspersky Online Scanner does not scan boot sectors and MBRs, so
    it cannot detect malicious code located in these areas.
    Please note: The free Kaspersky Online Scanner does not protect against
    malicious code, and cannot prevent future infections. It only detects
    malware that has already penetrated your computer. We strongly recommend
    that you install a full antivirus solution to protect your system.

    Privacy statement:

    The Kaspersky Online Scanner will collect information about the malicious
    programs found on your computer during the scanning process. The
    information will be sent to the Kaspersky Virus Lab for statistical
    purposes. No personal information about you or specific information about
    your system will be collected or transmitted to Kaspersky Lab.









    Scan settings:
    Here you can configure the scanning process.

    Scan using the following antivirus database:
    standard - detect viruses, worms, Trojans,
    rootkits
    extended - protect your computer from Spyware,
    adware, dialers and potentially dangerous
    software such as remote access utilities, prank
    programs and jokes. We do not recommend this
    option to beginners or inexperienced users.

    Scan options:
    Scan Archives - scan files inside archives
    Note: affects all targets except 'A
    File...' scan target.
    Scan Mail Bases - scan e-mails/attachments
    inside mail base files
    Note: affects all targets except 'My
    Email' and 'A File...' scan targets.







    Initialize Kaspersky Online Scanner
    (downloading and installing Kaspersky Online
    Scanner ActiveX from the server into your
    computer)





    Update Kaspersky Anti-Virus Databases [100%]:
    (downloading and installing the latest Kaspersky
    Anti-Virus Databases)





    Please wait to update the virus definitions...
    Downloading from url:
    http://dnl-us6.kaspersky-labs.com
    Update finished. Ready to scan.
    Next
    Please select a target to scan:
    You can configure the scanning process by
    pressing "Scan Settings" button.



    Critical Areas
    scan critical areas of your hard disks
    specified in %windir% and %tmp% system variables
    Memory
    scan disk modules of running processes
    My Computer
    scan all your hard and mapped disks
    My Email
    scan all your hard and mapped disks only for the
    following extensions: *.PST; *.MSG; *.OST;
    *.MDB; *.DBX; *.EML; *.MBS
    Folders...
    scan selected folders
    A File...
    scan a one file





    Warning: The Kaspersky Online Scanner may not
    run successfully while any other Anti-Virus
    software is running. If you have Anti-Virus
    software installed, please disable your AV
    protection before running the Kaspersky Online
    Scanner.
    Scan complete.
    Verdict: Your computer is infected
    The following infected files/objects were
    detected:


    Report is empty.
    Please note: The free Kaspersky Online Scanner
    does not provide comprehensive protection and
    cannot prevent future infections. It only
    detects malware that has already penetrated your
    storage devices. We strongly recommend that you
    use a fully-functional antivirus solution to
    protect your computer at all times.

    Please wait, this process may take a long time
    depending on the selected target. If you want to
    continue browsing, open a new window.

    Scan Progress [99%]:







    Total number of scanned objects:188525
    Number of viruses found:26
    Number of infected objects:79
    Number of suspicious objects:6
    Duration of the scan process:02:42:52






    Product Info
    You have Kaspersky Online Scanner version 5.0.98.0
    installed. The current anti-virus database was
    released on Thursday, May 08, 2008 and contains
    745909 records.

    System Info
    Operating System: Microsoft Windows XP
    Professional, Service Pack 2 (Build 2600)
    Please wait while the Kaspersky Online Scanner is
    initializing and updating...








    Copyright (C) Kaspersky Lab 1997 - 2007
    Portions Copyright (C) Lan Crypto
    Deckard's System Scanner v20071014.68
    Run by Navid on 2008-05-08 01:42:52
    Computer is in Normal Mode.



    -- HijackThis (run as Navid.exe)

    Logfile of HijackThis v1.99.1
    Scan saved at 1:43:08 AM, on 5/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\vVX6000.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\AIM\aim.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\DAP\DAP.EXE
    C:\WINDOWS\system32\crypserv.exe
    C:\Documents and Settings\Navid\desktop\dss.exe
    C:\DOCUME~1\Navid\Desktop\hd\Navid.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Data Collector Toolbar - {ACBD7024-CF3C-495F-9840-244CD16A5826} - C:\WINDOWS\system32\svchost.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P54 "Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi" /O26 "\\IBM-4CK1TH1RQMI\EPSONSty" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P67 "EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)" /O17 "dlink-fccbe5_9100" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jc_all.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jc_link.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161020853843
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161020848656
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3469D179-8861-441E-8AC3-D5319E16984F}: NameServer = 68.94.156.1,68.94.157.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    -- HijackThis Fixed Entries (C:\DOCUME~1\Navid\Desktop\hd\backups\)

    backup-20060530-135205-391 O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
    backup-20060908-174157-621 O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
    backup-20070614-154048-245 O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp387.tmp.dll (file missing)
    backup-20070614-154048-465 O2 - BHO: (no name) - {9ff714ae-3a67-44d1-9325-45db84feabdf} - C:\WINDOWS\system32\icmapi.dll (file missing)
    backup-20070614-154048-548 O2 - BHO: (no name) - {6E51F22A-1EAF-9792-2636-3B9DB5E359B6} - C:\DOCUME~1\Navid\APPLIC~1\16PROG~1\cool user.exe (file missing)
    backup-20080329-205801-180 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    backup-20080329-205801-191 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
    backup-20080329-205801-366 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20080329-205801-596 O16 - DPF: {68459DB3-59C9-449D-815B-65F729385C16} (VoiceSecure Control) - http://www.voice4web.com/vs.cab
    backup-20080329-205801-805 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
    backup-20080329-205801-970 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com

    -- File Associations

    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys <Not Verified; JMicron; SCSI Port upper filter driver>
    R0 JRAID - c:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JR036X RAID Driver>
    R1 NetworkX - c:\windows\system32\ckldrv.sys

    S3 catchme - c:\docume~1\navid\locals~1\temp\catchme.sys (file missing)
    S3 Motorola_NA USBLAN - c:\windows\system32\drivers\motblan.sys (file missing)
    S3 MotoSwitchService (MotoSwitch Service) - c:\windows\system32\drivers\motswch.sys <Not Verified; Motorola INC.; Motorola Switching Filter Driver>
    S3 MRVW245 (Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)) - c:\windows\system32\drivers\wn121txp.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>
    S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
    S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Crypkey License - crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>

    S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


    -- Device Manager: Disabled

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 6270
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6270
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Scheduled Tasks

    2008-05-06 22:32:00 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-04-08 and 2008-05-08

    2008-05-08 01:12:32 0 d
    C:\Documents and Settings\All Users\Application Data\Btrieve Technologies
    2008-05-08 01:11:54 32768
    n--- C:\WINDOWS\system32\REGTOOL5.DLL <Not Verified; Microsoft Corporation; Registry Access Functions>
    2008-05-08 01:11:54 40000
    n--- C:\WINDOWS\system32\drivers\PCSMHNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 14602
    n--- C:\WINDOWS\system32\drivers\PARCAII.SYS <Not Verified; Noregon Systems\Vansco Electronics; RP1210A API the CAII>
    2008-05-08 01:11:54 24320
    n--- C:\WINDOWS\system32\drivers\J1939NT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 23296
    n--- C:\WINDOWS\system32\drivers\J1708NT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 82752
    n--- C:\WINDOWS\system32\drivers\DLASIPNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 32832
    n--- C:\WINDOWS\system32\drivers\DLADRVNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 23712
    n--- C:\WINDOWS\system32\drivers\CATLNKNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 23584
    n--- C:\WINDOWS\system32\drivers\CANNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 192512
    n--- C:\WINDOWS\system32\CAIIDirect.dll <Not Verified; ; CCADirect Dynamic Link Library>
    2008-05-08 01:11:54 286773
    n--- C:\WINDOWS\CATserv.exe <Not Verified; Noregon Systems\Vansco Electronics; RP1210A API for the CAII>
    2008-05-08 01:11:53 299066
    n--- C:\WINDOWS\ca2rp32.dll <Not Verified; Noregon Systems\Vansco Electronics; RP1210A API for the CAII>
    2008-05-08 01:11:53 26976
    n--- C:\WINDOWS\CA2RP.DLL
    2008-05-08 01:11:53 0 d
    C:\Program Files\Caterpillar Inc
    2008-05-08 01:11:44 52224 --a
    C:\WINDOWS\system32\Crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
    2008-05-08 01:11:44 24608 --a
    C:\WINDOWS\system32\Ckldrv.sys
    2008-05-08 01:11:44 27648 -ra
    C:\WINDOWS\Setup_ck.exe
    2008-05-08 01:11:44 18432 --a
    C:\WINDOWS\Setup_ck.dll
    2008-05-08 01:11:44 11776 --a
    C:\WINDOWS\Ckrfresh.exe
    2008-05-08 01:11:44 165888 --a
    C:\WINDOWS\Ckconfig.exe <Not Verified; Kenonic Controls; CKCONFIG Application>
    2008-05-08 01:11:13 0 d
    C:\Program Files\Bennet-Tec
    2008-05-08 01:11:04 0 d
    C:\Program Files\Common Files\Offboard Information Products
    2008-05-08 01:11:04 0 d
    C:\Documents and Settings\All Users\Application Data\Offboard Information Products
    2008-05-08 01:11:03 0 d
    C:\Program Files\Caterpillar Electronic Technician
    2008-05-06 23:07:07 0 d
    C:\WINDOWS\ERUNT
    2008-05-05 23:49:53 0 d--h
    C:\$AVG8.VAULT$
    2008-05-05 23:45:14 0 d
    C:\WINDOWS\system32\drivers\Avg
    2008-05-05 23:45:07 0 d
    C:\Program Files\AVG
    2008-05-05 23:45:07 0 d
    C:\Documents and Settings\All Users\Application Data\avg8
    2008-04-28 23:13:48 1707299 --a
    C:\WINDOWS\system32\wupdate.dll
    2008-04-28 23:13:48 0 d
    C:\WINDOWS\system32\3044
    2008-04-27 13:17:07 0 d
    C:\Documents and Settings\Navid\.SunDownloadManager
    2008-04-26 22:57:36 0 d
    C:\Documents and Settings\Navid\Application Data\skypePM
    2008-04-26 22:57:36 32 --a
    C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-04-26 22:56:23 0 d
    C:\Documents and Settings\Navid\Application Data\Skype
    2008-04-26 22:56:11 0 d
    C:\Program Files\Skype
    2008-04-26 22:56:11 0 d
    C:\Program Files\Common Files\Skype
    2008-04-26 22:56:01 0 d
    C:\Documents and Settings\All Users\Application Data\Skype
    2008-04-21 01:43:14 0 d
    C:\Program Files\Common Files\xing shared
    2008-04-17 19:47:17 0 d
    C:\epson
    2008-04-12 21:05:14 0 d
    C:\Program Files\EPSON
    2008-04-08 01:12:20 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-08 01:12:15 0 d
    C:\Program Files\Windows Live
    2008-04-08 01:12:04 0 d
    C:\Documents and Settings\All Users\Application Data\WLInstaller


    -- Find3M Report

    2008-05-08 01:35:48 0 d
    C:\Documents and Settings\Navid\Application Data\DNA
    2008-05-08 01:15:17 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-05-08 01:11:04 0 d
    C:\Program Files\Common Files
    2008-05-07 14:35:34 0 d
    C:\Program Files\Symantec AntiVirus
    2008-05-05 23:36:03 0 d
    C:\Program Files\Common Files\Adobe
    2008-04-21 01:43:09 0 d
    C:\Program Files\Common Files\Real
    2008-04-18 15:48:11 0 d
    C:\Documents and Settings\Navid\Application Data\Real
    2008-04-08 00:48:11 0 d
    C:\Program Files\Project64 1.6
    2008-04-06 02:31:07 0 d
    C:\Program Files\Common Files\DirectX
    2008-04-04 23:48:22 0 d
    C:\Documents and Settings\Navid\Application Data\BitTorrent
    2008-04-04 23:01:54 0 d
    C:\Program Files\Sunbelt Software
    2008-04-04 22:45:44 0 d
    C:\Program Files\DAP
    2008-04-04 22:43:50 50688 --a
    C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
    2008-04-03 21:54:03 0 d
    C:\Documents and Settings\Navid\Application Data\Hamachi
    2008-03-31 00:40:45 0 d
    C:\Documents and Settings\Navid\Application Data\Malwarebytes
    2008-03-31 00:40:37 0 d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-29 21:45:23 39 --ah
    C:\WINDOWS\smth
    2008-03-29 21:44:05 0 d
    C:\Program Files\VITO Technology
    2008-03-29 20:51:42 0 d--h
    C:\Program Files\WindowsUpdate
    2008-03-28 11:40:40 0 d
    C:\Program Files\Common Files\Totem Shared
    2008-03-27 22:12:11 0 d
    C:\Program Files\CCleaner
    2008-03-26 14:34:59 0 d
    C:\Program Files\TomTom HOME
    2008-03-26 14:31:03 0 d
    C:\Documents and Settings\Navid\Application Data\TomTom
    2008-03-26 14:30:49 0 d
    C:\Program Files\TomTom HOME 2
    2008-03-26 13:47:58 0 d
    C:\Program Files\TomTom DesktopSuite
    2008-03-23 19:02:28 2550 --a
    C:\WINDOWS\unins000.dat
    2008-03-23 18:45:28 691545 --a
    C:\WINDOWS\unins000.exe
    2008-03-22 04:19:46 0 d
    C:\Program Files\Microsoft LifeCam
    2008-03-19 21:42:28 0 d
    C:\Documents and Settings\Navid\Application Data\Teleca
    2008-03-19 21:30:02 0 d
    C:\Documents and Settings\Navid\Application Data\VoipBuster
    2008-03-15 10:46:22 0 d
    C:\Documents and Settings\Navid\Application Data\Adobe
    2008-03-15 10:41:13 0 d
    C:\Program Files\BitTorrent
    2008-03-15 10:41:10 0 d
    C:\Program Files\DNA


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACBD7024-CF3C-495F-9840-244CD16A5826}]
    C:\WINDOWS\system32\svchost.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" []
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [12/05/2007 02:41 AM]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [12/05/2007 02:41 AM]
    "RTHDCPL"="RTHDCPL.EXE" [01/29/2008 04:47 PM C:\WINDOWS\RTHDCPL.exe]
    "PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [05/28/2007 11:14 AM]
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [10/13/2006 05:01 PM]
    "VX6000"="C:\WINDOWS\vVX6000.exe" [10/13/2006 05:04 PM]
    "nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\system32\nwiz.exe]
    "EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "EPSON Stylus Photo R300 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/21/2008 01:42 AM]
    "EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/05/2008 11:45 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpySweeper"="D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [08/31/2004 09:49 AM]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [04/10/2008 07:17 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe -cnetwait.odl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
    C:\WINDOWS\system32\JMRaidTool.exe boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Inside Book]
    C:\DOCUME~1\Navid\APPLIC~1\FRAGSO~1\DVD DEAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
    "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    SkyTel.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    C:\PROGRA~1\SYMANT~1\VPTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
    C:\WINDOWS\vVX6000.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    *Newly Created Service* - CRYPKEY_LICENSE
    *Newly Created Service* - NETWORKX



    -- End of Deckard's System Scanner: finished at 2008-05-08 01:43:46
  • edited May 2008
    Unfortunately that is not the right Kaspersky log. The one we need gives the details of all items found, and not just this summary. The null key looks removed, but I see now my thoughts on malware missed that you have two antivirus programs installed (AVG8 and Norton), and these, along with SpySweeper, appear to be running when steps are being done. Since it is the free version you need to disable all of these, then uninstall AVG8 now. Too many conflicts and issues with two AV programs on one system.


    Please disable SpySweeper, as it may hinder the removal of some HijackThis entries. You can re-enable it after you're clean.

    Go to Options > Program Options
    * Uncheck Load at Windows Startup.
    * Click Shields on the left.
    * Click Internet Explorer and uncheck all items.
    * Click Windows System and uncheck all items.
    * Click Startup Programs and uncheck all items.
    * Click Browser Add-Ons and uncheck all items.
    * Exit SpySweeper.


    Then right click the other security software taskbar icons and shut them down as well.


    Close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
    O2 - BHO: Data Collector Toolbar - {ACBD7024-CF3C-495F-9840-244CD16A5826} - C:\WINDOWS\system32\svchost.dll (file missing)



    Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

    Do a search (Start - Search/Find - Files or Folders) for the following highlighted files/folders (shown in Bold), and if found, delete them.

    C:\WINDOWS\system32\wupdate.dll
    C:\WINDOWS\system32\3044 <-- the entire folder


    Go to Add/Remove Programs and uninstall/remove AVG8.


    Reboot, and after the reboot do the steps again to run the Kaspersky scan, and post that and a new Deckards log back here please.
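
A triage pass over a HijackThis log of the kind posted in this thread, as an added example (not part of any post, and not HijackThis's own code): it lists entries whose target is reported missing, entries that load from a Temp directory, and files named after core Windows processes, as candidates for a helper to review. The three heuristics and all function names are assumptions of this example; the sample lines are taken from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: a few lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Data Collector Toolbar - {ACBD7024-CF3C-495F-9840-244CD16A5826} - C:\WINDOWS\system32\svchost.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jc_link.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Process-list paths and header lines do not match.
ENTRY_RE = re.compile(r"^\s*((?:[RFN]\d|O\d{1,2}))\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# Last path component at the end of the entry, with an optional missing marker.
LEAF_RE = re.compile(r"\\([^\\\s]+)\.([A-Za-z0-9]{2,4})(?: \(file missing\))?$")

# Heuristic chosen for this example: a non-.exe file that borrows the name of
# a core Windows process deserves a second look.
CORE_PROCESS_NAMES = {"svchost", "lsass", "services", "winlogon",
                      "csrss", "smss", "explorer"}


@dataclass
class Finding:
    code: str               # HijackThis section code, e.g. "O2"
    clsid: Optional[str]    # CLSID in the entry, if any
    text: str               # entry text after the section code
    reasons: List[str]      # why the entry was listed


def triage(log_text: str) -> List[Finding]:
    """Return the entries of a HijackThis log that merit manual review."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.group(1), m.group(2).strip()
        reasons = []

        # Orphaned registrations: the registry points at a file that is gone.
        if body.endswith("(file missing)"):
            reasons.append("target file missing")
        elif body.endswith("(no file)"):
            reasons.append("no file registered")

        # Components registered from a Temp directory, e.g. a
        # self-extracting archive's unpack folder.
        if TEMP_RE.search(body):
            reasons.append("loads from a Temp directory")

        leaf = LEAF_RE.search(body)
        if (leaf and leaf.group(1).lower() in CORE_PROCESS_NAMES
                and leaf.group(2).lower() != "exe"):
            reasons.append("file name imitates a core Windows process")

        if reasons:
            clsid = CLSID_RE.search(body)
            findings.append(
                Finding(code, clsid.group(0) if clsid else None, body, reasons))
    return findings


def format_report(findings: List[Finding]) -> str:
    """Render findings one per line for pasting into a reply."""
    return "\n".join(
        f"{f.code:<4}{f.clsid or '-':<40}{'; '.join(f.reasons)}"
        for f in findings)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

The output is a review list, not a fix list: it surfaces more entries than the two the helper chose to fix, and a missing target can also be a leftover of software that was uninstalled cleanly.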
  • edited May 2008

    KASPERSKY ONLINE SCANNER REPORT
    Thursday, May 08, 2008 10:30:09 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 9/05/2008
    Kaspersky Anti-Virus database records: 748843

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 189101
    Number of viruses found: 27
    Number of infected objects: 86
    Number of suspicious objects: 6
    Duration of the scan process: 02:10:28

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01D80000.VBN/javautil.zip Infected: Backdoor.Win32.Dumador.cx skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01D80000.VBN ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01D80000.VBN CryptZ: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01D80001.VBN/javautil.zip Infected: Backdoor.Win32.Dumador.cx skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01D80001.VBN ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01D80001.VBN CryptZ: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07640000.VBN/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aqe skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07640000.VBN/stream Infected: Trojan-Downloader.Win32.Zlob.aqe skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07640000.VBN NSIS: infected - 2 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07640000.VBN UPX: infected - 2 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07640000.VBN CryptZ: infected - 2 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A900000.VBN Infected: Trojan.Win32.Inject.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380000.VBN Infected: Trojan.Win32.Inject.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D380000.VBN Infected: Trojan.Win32.Inject.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D4C0000.VBN Infected: Trojan-Downloader.Win32.Agent.bjk skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D4C0001.VBN Infected: Trojan-Downloader.Win32.Agent.bjk skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000.VBN/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.pq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000.VBN/stream/data0007 Infected: Trojan-Downloader.Win32.Zlob.pq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000.VBN/stream Infected: Trojan-Downloader.Win32.Zlob.pq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000.VBN NSIS: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000.VBN UPX: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000.VBN PE_Patch.UPX: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000.VBN CryptZ: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580001.VBN Infected: Trojan-Downloader.Win32.Zlob.xf skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580002.VBN Infected: Trojan-Downloader.Win32.Zlob.xf skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580003.VBN Infected: not-virus:Hoax.Win32.Renos.fh skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DE00000.VBN Infected: Trojan.Win32.Inject.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DE80000.VBN Infected: Trojan-Dropper.Win32.VB.lu skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E000000.VBN Infected: Trojan.Win32.Inject.au skipped
    C:\Documents and Settings\Navid\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-2a931a45/vmain.class Infected: Exploit.Java.Gimsh.b skipped
    C:\Documents and Settings\Navid\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-2a931a45 ZIP: infected - 1 skipped
    C:\Documents and Settings\Navid\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-7a66219c/vmain.class Infected: Exploit.Java.Gimsh.b skipped
    C:\Documents and Settings\Navid\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-7a66219c ZIP: infected - 1 skipped
    C:\System Volume Information\_restore{AE2ED2C7-F3A2-4D62-9FFF-C864F74E85F2}\RP76\A0037524.exe/file36 Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
    C:\System Volume Information\_restore{AE2ED2C7-F3A2-4D62-9FFF-C864F74E85F2}\RP76\A0037524.exe/file64 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
    C:\System Volume Information\_restore{AE2ED2C7-F3A2-4D62-9FFF-C864F74E85F2}\RP76\A0037524.exe/file65 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
    C:\System Volume Information\_restore{AE2ED2C7-F3A2-4D62-9FFF-C864F74E85F2}\RP76\A0037524.exe Inno: infected - 3 skipped
    C:\_OTMoveIt\MovedFiles\04022008_233247\NoLopBackups\1c2a1f.exe.060.infected Infected: Packed.Win32.PolyCrypt.d skipped
    C:\_OTMoveIt\MovedFiles\04022008_233247\NoLopBackups\Cool User.exe.01.infected Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
    C:\_OTMoveIt\MovedFiles\04022008_233247\NoLopBackups\Dmkeflkc.exe.01921.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
    C:\_OTMoveIt\MovedFiles\04022008_233247\NoLopBackups\Dvd Dead.exe.01922.infected Infected: Packed.Win32.PolyCrypt.d skipped
    C:\_OTMoveIt\MovedFiles\04022008_233247\NoLopBackups\Programitch.exe.01920.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
    C:\_OTMoveIt\MovedFiles\04022008_233247\NoLopBackups\Sta3e.exe.01437.infected Infected: Packed.Win32.PolyCrypt.d skipped
    C:\_OTMoveIt\MovedFiles\04022008_233247\NoLopBackups\Third Pop Poll.exe.01923.infected Infected: Trojan.Win32.Obfuscated.en skipped
    C:\_OTMoveIt\MovedFiles\04022008_233247\WINDOWS\Downloaded Program Files\cssweb.dll Infected: not-a-virus:AdWare.Win32.CSSWeb.b skipped
    C:\_OTMoveIt\MovedFiles\04022008_233247\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\_OTMoveIt\MovedFiles\04022008_233247\WINDOWS\system32\gah95on6.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
    C:\_OTMoveIt\MovedFiles\04022008_233247\WINDOWS\win32.bmp Infected: Trojan-Clicker.JS.gen skipped
    D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\6d2d00b38bbb51065358327978f98481_68c8d5b6-89fa-41f8-9a19-b7c29a5433ec Object is locked skipped
    D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a3065fa80db2b4863228093014a6e87_68c8d5b6-89fa-41f8-9a19-b7c29a5433ec Object is locked skipped
    D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf0b4a78344c016c320bfc2cb395c6a8_68c8d5b6-89fa-41f8-9a19-b7c29a5433ec Object is locked skipped
    D:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom.zip/stmtdlr.exe Suspicious: Password-protected-EXE skipped
    D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom.zip ZIP: suspicious - 1 skipped
    D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip/optimize.exe Suspicious: Password-protected-EXE skipped
    D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip ZIP: suspicious - 1 skipped
    D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer6.zip/optimize.exe Suspicious: Password-protected-EXE skipped
    D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer6.zip ZIP: suspicious - 1 skipped
    D:\Documents and Settings\Navid\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6b9dccb7-5887ea5e.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
    D:\Documents and Settings\Navid\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6b9dccb7-5887ea5e.zip ZIP: infected - 1 skipped
    D:\Documents and Settings\Navid\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{AE2ED2C7-F3A2-4D62-9FFF-C864F74E85F2}\RP50\A0021956.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.agt skipped
    D:\System Volume Information\_restore{AE2ED2C7-F3A2-4D62-9FFF-C864F74E85F2}\RP50\A0021956.exe/stream Infected: Trojan-Downloader.Win32.Zlob.agt skipped
    D:\System Volume Information\_restore{AE2ED2C7-F3A2-4D62-9FFF-C864F74E85F2}\RP50\A0021956.exe NSIS: infected - 2 skipped
    D:\System Volume Information\_restore{AE2ED2C7-F3A2-4D62-9FFF-C864F74E85F2}\RP50\A0021956.exe UPX: infected - 2 skipped
    D:\System Volume Information\_restore{AE2ED2C7-F3A2-4D62-9FFF-C864F74E85F2}\RP50\A0021956.exe PE_Patch.UPX: infected - 2 skipped
    D:\System Volume Information\_restore{AE2ED2C7-F3A2-4D62-9FFF-C864F74E85F2}\RP50\A0021957.dll Infected: not-a-virus:AdWare.Win32.CSSWeb.b skipped
    D:\System Volume Information\_restore{AE2ED2C7-F3A2-4D62-9FFF-C864F74E85F2}\RP50\A0021958.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    D:\System Volume Information\_restore{AE2ED2C7-F3A2-4D62-9FFF-C864F74E85F2}\RP50\A0021959.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
    D:\System Volume Information\_restore{AE2ED2C7-F3A2-4D62-9FFF-C864F74E85F2}\RP52\A0029038.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    D:\System Volume Information\_restore{AE2ED2C7-F3A2-4D62-9FFF-C864F74E85F2}\RP88\A0042835.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP25\A0002377.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP25\A0002406.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP25\A0002486.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP25\A0003515.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP25\A0004515.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0004523.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0004554.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0004602.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0004619.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0004732.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0004744.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0004779.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0004796.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0004808.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0004826.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0005848.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0005878.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0005906.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0005928.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP26\A0005966.tlb Infected: Trojan-Downloader.Win32.Zlob.cdu skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP33\A0007728.exe Infected: Backdoor.Win32.Small.dc skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP33\A0007729.exe Infected: Trojan-PSW.Win32.Sagic.h skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP33\A0007730.exe Infected: Virus.Win32.Bube.b skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP33\A0007731.scr Infected: Trojan-PSW.Win32.Sagic.h skipped
    D:\System Volume Information\_restore{B7007D0C-FC0E-4297-A5EC-1F3D18624407}\RP33\A0007732.scr Infected: Trojan-PSW.Win32.Sagic.h skipped

    Scan process completed.

    Scan complete.
    Verdict: Your computer is infected
    The following infected files/objects were
    detected:


    Report is empty.

    Total number of scanned objects:189101
    Number of viruses found:27
    Number of infected objects:86
    Number of suspicious objects:6
    Duration of the scan process:02:10:28

    Product Info
    You have Kaspersky Online Scanner version 5.0.98.0
    installed. The current anti-virus database was
    released on Friday, May 09, 2008 and contains
    748843 records.

    System Info
    Operating System: Microsoft Windows XP
    Professional, Service Pack 2 (Build 2600)








  • edited May 2008
    Deckard's System Scanner v20071014.68
    Run by Navid on 2008-05-08 20:09:07
    Computer is in Normal Mode.

    Backed up registry hives.



    -- HijackThis (run as Navid.exe)

    Logfile of HijackThis v1.99.1
    Scan saved at 8:10:07 PM, on 5/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\vVX6000.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Navid\desktop\dss.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\DOCUME~1\Navid\Desktop\hd\Navid.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P54 "Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi" /O26 "\\IBM-4CK1TH1RQMI\EPSONSty" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P67 "EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)" /O17 "dlink-fccbe5_9100" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jc_all.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jc_link.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161020853843
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161020848656
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3469D179-8861-441E-8AC3-D5319E16984F}: NameServer = 68.94.156.1,68.94.157.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    -- HijackThis Fixed Entries (C:\DOCUME~1\Navid\Desktop\hd\backups\)

    backup-20060530-135205-391 O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
    backup-20060908-174157-621 O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
    backup-20070614-154048-245 O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp387.tmp.dll (file missing)
    backup-20070614-154048-465 O2 - BHO: (no name) - {9ff714ae-3a67-44d1-9325-45db84feabdf} - C:\WINDOWS\system32\icmapi.dll (file missing)
    backup-20070614-154048-548 O2 - BHO: (no name) - {6E51F22A-1EAF-9792-2636-3B9DB5E359B6} - C:\DOCUME~1\Navid\APPLIC~1\16PROG~1\cool user.exe (file missing)
    backup-20080329-205801-180 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    backup-20080329-205801-191 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
    backup-20080329-205801-366 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20080329-205801-596 O16 - DPF: {68459DB3-59C9-449D-815B-65F729385C16} (VoiceSecure Control) - http://www.voice4web.com/vs.cab
    backup-20080329-205801-805 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
    backup-20080329-205801-970 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
    backup-20080508-195846-779 O2 - BHO: Data Collector Toolbar - {ACBD7024-CF3C-495F-9840-244CD16A5826} - C:\WINDOWS\system32\svchost.dll (file missing)
    backup-20080508-195846-925 O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)

    -- File Associations

    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys <Not Verified; JMicron; SCSI Port upper filter driver>
    R0 JRAID - c:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JR036X RAID Driver>
    R1 NetworkX - c:\windows\system32\ckldrv.sys
    R2 CANNT - c:\windows\system32\drivers\cannt.sys <Not Verified; Noregon Systems; Noregon RP1210A API>
    R2 CATLNKNT - c:\windows\system32\drivers\catlnknt.sys <Not Verified; Noregon Systems; Noregon RP1210A API>
    R2 DLADRVNT - c:\windows\system32\drivers\dladrvnt.sys <Not Verified; Noregon Systems; Noregon RP1210A API>
    R2 DLASIPNT - c:\windows\system32\drivers\dlasipnt.sys <Not Verified; Noregon Systems; Noregon RP1210A API>
    R2 J1708NT - c:\windows\system32\drivers\j1708nt.sys <Not Verified; Noregon Systems; Noregon RP1210A API>
    R2 J1939NT - c:\windows\system32\drivers\j1939nt.sys <Not Verified; Noregon Systems; Noregon RP1210A API>
    R2 PCSMHNT - c:\windows\system32\drivers\pcsmhnt.sys <Not Verified; Noregon Systems; Noregon RP1210A API>

    S2 PARCAII - c:\windows\system32\drivers\parcaii.sys <Not Verified; Noregon Systems\Vansco Electronics; RP1210A API the CAII>
    S3 catchme - c:\docume~1\navid\locals~1\temp\catchme.sys (file missing)
    S3 Motorola_NA USBLAN - c:\windows\system32\drivers\motblan.sys (file missing)
    S3 MotoSwitchService (MotoSwitch Service) - c:\windows\system32\drivers\motswch.sys <Not Verified; Motorola INC.; Motorola Switching Filter Driver>
    S3 MRVW245 (Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)) - c:\windows\system32\drivers\wn121txp.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>
    S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
    S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Crypkey License - crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>

    S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


    -- Device Manager: Disabled

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 6270
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6270
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Scheduled Tasks

    2008-05-06 22:32:00 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-04-08 and 2008-05-08

    2008-05-08 02:40:20 0 d
    C:\Documents and Settings\All Users\Application Data\Electronic Technician
    2008-05-08 01:12:32 0 d
    C:\Documents and Settings\All Users\Application Data\Btrieve Technologies
    2008-05-08 01:11:54 32768
    n--- C:\WINDOWS\system32\REGTOOL5.DLL <Not Verified; Microsoft Corporation; Registry Access Functions>
    2008-05-08 01:11:54 40000
    n--- C:\WINDOWS\system32\drivers\PCSMHNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 14602
    n--- C:\WINDOWS\system32\drivers\PARCAII.SYS <Not Verified; Noregon Systems\Vansco Electronics; RP1210A API the CAII>
    2008-05-08 01:11:54 24320
    n--- C:\WINDOWS\system32\drivers\J1939NT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 23296
    n--- C:\WINDOWS\system32\drivers\J1708NT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 82752
    n--- C:\WINDOWS\system32\drivers\DLASIPNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 32832
    n--- C:\WINDOWS\system32\drivers\DLADRVNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 23712
    n--- C:\WINDOWS\system32\drivers\CATLNKNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 23584
    n--- C:\WINDOWS\system32\drivers\CANNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 192512
    n--- C:\WINDOWS\system32\CAIIDirect.dll <Not Verified; ; CCADirect Dynamic Link Library>
    2008-05-08 01:11:54 286773
    n--- C:\WINDOWS\CATserv.exe <Not Verified; Noregon Systems\Vansco Electronics; RP1210A API for the CAII>
    2008-05-08 01:11:53 299066
    n--- C:\WINDOWS\ca2rp32.dll <Not Verified; Noregon Systems\Vansco Electronics; RP1210A API for the CAII>
    2008-05-08 01:11:53 26976
    n--- C:\WINDOWS\CA2RP.DLL
    2008-05-08 01:11:53 0 d
    C:\Program Files\Caterpillar Inc
    2008-05-08 01:11:44 52224 --a
    C:\WINDOWS\system32\Crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
    2008-05-08 01:11:44 24608 --a
    C:\WINDOWS\system32\Ckldrv.sys
    2008-05-08 01:11:44 27648 -ra
    C:\WINDOWS\Setup_ck.exe
    2008-05-08 01:11:44 18432 --a
    C:\WINDOWS\Setup_ck.dll
    2008-05-08 01:11:44 11776 --a
    C:\WINDOWS\Ckrfresh.exe
    2008-05-08 01:11:44 165888 --a
    C:\WINDOWS\Ckconfig.exe <Not Verified; Kenonic Controls; CKCONFIG Application>
    2008-05-08 01:11:13 0 d
    C:\Program Files\Bennet-Tec
    2008-05-08 01:11:04 0 d
    C:\Program Files\Common Files\Offboard Information Products
    2008-05-08 01:11:04 0 d
    C:\Documents and Settings\All Users\Application Data\Offboard Information Products
    2008-05-08 01:11:03 0 d
    C:\Program Files\Caterpillar Electronic Technician
    2008-05-06 23:07:07 0 d
    C:\WINDOWS\ERUNT
    2008-05-05 23:49:53 0 d--h
    C:\$AVG8.VAULT$
    2008-05-05 23:45:07 0 d
    C:\Program Files\AVG
    2008-05-05 23:45:07 0 d
    C:\Documents and Settings\All Users\Application Data\avg8
    2008-04-27 13:17:07 0 d
    C:\Documents and Settings\Navid\.SunDownloadManager
    2008-04-26 22:57:36 0 d
    C:\Documents and Settings\Navid\Application Data\skypePM
    2008-04-26 22:57:36 32 --a
    C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-04-26 22:56:23 0 d
    C:\Documents and Settings\Navid\Application Data\Skype
    2008-04-26 22:56:11 0 d
    C:\Program Files\Skype
    2008-04-26 22:56:11 0 d
    C:\Program Files\Common Files\Skype
    2008-04-26 22:56:01 0 d
    C:\Documents and Settings\All Users\Application Data\Skype
    2008-04-21 01:43:14 0 d
    C:\Program Files\Common Files\xing shared
    2008-04-17 19:47:17 0 d
    C:\epson
    2008-04-12 21:05:14 0 d
    C:\Program Files\EPSON
    2008-04-08 01:12:20 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-08 01:12:15 0 d
    C:\Program Files\Windows Live
    2008-04-08 01:12:04 0 d
    C:\Documents and Settings\All Users\Application Data\WLInstaller


    -- Find3M Report

    2008-05-08 20:05:42 0 d
    C:\Program Files\Symantec AntiVirus
    2008-05-08 20:03:48 0 d
    C:\Documents and Settings\Navid\Application Data\DNA
    2008-05-08 01:15:17 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-05-08 01:11:04 0 d
    C:\Program Files\Common Files
    2008-05-05 23:36:03 0 d
    C:\Program Files\Common Files\Adobe
    2008-04-21 01:43:09 0 d
    C:\Program Files\Common Files\Real
    2008-04-18 15:48:11 0 d
    C:\Documents and Settings\Navid\Application Data\Real
    2008-04-08 00:48:11 0 d
    C:\Program Files\Project64 1.6
    2008-04-06 02:31:07 0 d
    C:\Program Files\Common Files\DirectX
    2008-04-04 23:48:22 0 d
    C:\Documents and Settings\Navid\Application Data\BitTorrent
    2008-04-04 23:01:54 0 d
    C:\Program Files\Sunbelt Software
    2008-04-04 22:45:44 0 d
    C:\Program Files\DAP
    2008-04-04 22:43:50 50688 --a
    C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
    2008-04-03 21:54:03 0 d
    C:\Documents and Settings\Navid\Application Data\Hamachi
    2008-03-31 00:40:45 0 d
    C:\Documents and Settings\Navid\Application Data\Malwarebytes
    2008-03-31 00:40:37 0 d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-29 21:45:23 39 --ah
    C:\WINDOWS\smth
    2008-03-29 21:44:05 0 d
    C:\Program Files\VITO Technology
    2008-03-29 20:51:42 0 d--h
    C:\Program Files\WindowsUpdate
    2008-03-28 11:40:40 0 d
    C:\Program Files\Common Files\Totem Shared
    2008-03-27 22:12:11 0 d
    C:\Program Files\CCleaner
    2008-03-26 14:34:59 0 d
    C:\Program Files\TomTom HOME
    2008-03-26 14:31:03 0 d
    C:\Documents and Settings\Navid\Application Data\TomTom
    2008-03-26 14:30:49 0 d
    C:\Program Files\TomTom HOME 2
    2008-03-26 13:47:58 0 d
    C:\Program Files\TomTom DesktopSuite
    2008-03-23 19:02:28 2550 --a
    C:\WINDOWS\unins000.dat
    2008-03-23 18:45:28 691545 --a
    C:\WINDOWS\unins000.exe
    2008-03-22 04:19:46 0 d
    C:\Program Files\Microsoft LifeCam
    2008-03-19 21:42:28 0 d
    C:\Documents and Settings\Navid\Application Data\Teleca
    2008-03-19 21:30:02 0 d
    C:\Documents and Settings\Navid\Application Data\VoipBuster
    2008-03-15 10:46:22 0 d
    C:\Documents and Settings\Navid\Application Data\Adobe
    2008-03-15 10:41:13 0 d
    C:\Program Files\BitTorrent
    2008-03-15 10:41:10 0 d
    C:\Program Files\DNA


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" []
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [12/05/2007 02:41 AM]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [12/05/2007 02:41 AM]
    "RTHDCPL"="RTHDCPL.EXE" [01/29/2008 04:47 PM C:\WINDOWS\RTHDCPL.exe]
    "PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [05/28/2007 11:14 AM]
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [10/13/2006 05:01 PM]
    "VX6000"="C:\WINDOWS\vVX6000.exe" [10/13/2006 05:04 PM]
    "nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\system32\nwiz.exe]
    "EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "EPSON Stylus Photo R300 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/21/2008 01:42 AM]
    "EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpySweeper"="D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [08/31/2004 09:49 AM]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/08/2008 09:10 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe -cnetwait.odl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
    C:\WINDOWS\system32\JMRaidTool.exe boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Inside Book]
    C:\DOCUME~1\Navid\APPLIC~1\FRAGSO~1\DVD DEAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
    "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    SkyTel.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    C:\PROGRA~1\SYMANT~1\VPTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
    C:\WINDOWS\vVX6000.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet




    -- End of Deckard's System Scanner: finished at 2008-05-08 20:10:52

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
    CPU 1: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
    Percentage of Memory in Use: 30%
    Physical Memory (total/avail): 2047.48 MiB / 1423.44 MiB
    Pagefile Memory (total/avail): 3941.65 MiB / 3467.05 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1936.95 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 74.52 GiB total, 34.61 GiB free.
    D: is Fixed (NTFS) - 38.28 GiB total, 3.34 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE1 - - 38.28 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 38.28 GiB - D:

    \\.\PHYSICALDRIVE0 - WDC WD800JB-00JJC0 - 74.53 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    AntiVirusDisableNotify is set.
  • edited May 2008
    AV: Symantec AntiVirus Corporate Edition v9.0.2.1000 (Symantec Corporation) Outdated

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:OTI@Home User Interface"
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:wmplayer"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"="C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe:*:Enabled:SDL"
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\\Program Files\\Warcraft III\\War3.exe"="C:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
    "C:\\Program Files\\CitizenLab\\psiphon\\psiphon.exe"="C:\\Program Files\\CitizenLab\\psiphon\\psiphon.exe:*:Enabled:psiphon"
    "C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
    "C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe:*:Enabled:Update Service"
    "C:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"="C:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe:*:Enabled:DXP SyncML Module"
    "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
    "C:\\Documents and Settings\\Navid\\My Documents\\gamer\\perfect dark emulator\\Mupen64K 0.7.9\\mupen64k-0-7-9.exe"="C:\\Documents and Settings\\Navid\\My Documents\\gamer\\perfect dark emulator\\Mupen64K 0.7.9\\mupen64k-0-7-9.exe:*:Enabled:mupen64k-0-7-9"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Navid\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=NAVID-8Z7M1KNHI
    ComSpec=C:\WINDOWS\system32\cmd.exe
    DEFAULT_CA_NR=CA8
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Navid
    LOGONSERVER=\\NAVID-8Z7M1KNHI
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\PC Connectivity Solution\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Intuwave\Shared\mRouterRuntime
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Navid\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Navid\LOCALS~1\Temp
    USERDOMAIN=NAVID-8Z7M1KNHI
    USERNAME=Navid
    USERPROFILE=C:\Documents and Settings\Navid
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles

    Navid (admin)
    Administrator (admin)


    -- Add/Remove Programs

    --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\Setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    AIM Ad Hack --> "C:\Program Files\AIM\unins000.exe"
    AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
    Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
    Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
    BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
    BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
    Caterpillar Electronic Technician --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{6CE72A93-3CA5-4151-9A18-B1DB5310D752} /l1033 Uninstall from Add/Remove Programs
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
    Communication Adapter II --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Caterpillar Inc\Communication Adapter II\Uninst.isu" -c"C:\Program Files\Caterpillar Inc\Communication Adapter II\CA2unist.dll"
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
    Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EVGA Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\setup.exe" -l0x9 -removeonly
    Gigabyte Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x9 -removeonly
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
    Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Hamachi 1.0.2.2 --> C:\Program Files\Hamachi\uninstall.exe
    HijackThis 1.99.1 --> C:\Documents and Settings\Navid\Desktop\hd\HijackThis.exe /uninstall
    iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
    LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft LifeCam --> MsiExec.exe /X{8CFC7570-DD90-486E-A239-E31D455BDE93}
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mobile Video Converter Evaluation Edition V1.0.4 --> "C:\Program Files\Mobile Video Converter\unins000.exe"
    Motorola Driver Installation --> MsiExec.exe /I{D1C9C454-5602-4F25-9842-DCF49FEAC531}
    Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
    Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MP3 Splitter & Joiner 3.21 --> "C:\Program Files\MP3 Splitter & Joiner\unins000.exe"
    MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
    Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{3BFFC6B8-4EC0-4240-858C-998FD4077983}
    Nokia PC Suite --> MsiExec.exe /I{D89AC4DF-7A00-4D0B-BA99-D582C7974A09}
    Nokia Software Updater --> MsiExec.exe /X{1CF28795-FDB8-47BB-AFEA-63F85DFCD0C9}
    NVIDIA Drivers --> C:\WINDOWS\System32\nvuninst.exe UninstallGUI
    P900 ThemeEditor 1.60 --> "C:\Program Files\VITO Technology\P900 ThemeEditor\unins000.exe"
    PC Connectivity Solution --> MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
    Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
    psiphon --> MsiExec.exe /X{A57A98F0-51DE-4528-ACD6-BB8C7573ECCB}
    QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
    RadioComm v11.0.3 --> MsiExec.exe /X{99358B32-829A-479B-A30C-5C0A192763DB}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    RM Converter 4.12 --> "C:\Program Files\RM Converter\unins000.exe"
    Rm To AVI VCD SVCD DVD MPEG Converter Pro 2.6 --> "C:\Program Files\Rm To AVI VCD SVCD DVD MPEG Converter\unins000.exe"
    RSD_LITE_3_6 --> MsiExec.exe /X{6E8D3944-E463-46D3-B52D-B6EB39D70752}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Sony Ericsson PC Suite for Smartphones --> C:\WINDOWS\Installer\{E1252473-6306-4d5d-904D-B06AA7F38161}\setup.exe /uninstall
    Sony Ericsson PC Suite for Smartphones --> MsiExec.exe /I{1E76BE75-F256-4BA4-A9A3-F433AD3D2D00}
    Sony Ericsson Symbian 9 Drivers --> C:\Program Files\Sony Ericsson\Sony Ericsson Symbian 9 Drivers\ZEBRUninstall.exe
    Sony Ericsson Video Converter 1.0 --> "C:\Program Files\Sony Ericsson Video Converter\unins000.exe"
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
    SUPER © Version 2007.bld.21 (Jan 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
    Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
    System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
    TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
    TomTom HOME --> C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
    TomTom HOME --> C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
    Total Video Converter 3.02 --> "C:\Program Files\Total Video Converter\unins000.exe"
    Total Video Player 1.03 --> "C:\Program Files\Total Video Player\unins000.exe"
    Update Service --> C:\Program Files\Sony Ericsson\Update Service\uninst.exe
    Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
    WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
    Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
    Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinFlyer --> "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,UnInstall
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


    -- Application Event Log

    Event Record #/Type18927 / Success
    Event Submitted/Written: 05/08/2008 09:46:44 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type18877 / Error
    Event Submitted/Written: 05/07/2008 11:47:49 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application DAP.exe, version 8.6.5.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type18844 / Error
    Event Submitted/Written: 05/06/2008 07:49:34 PM
    Event ID/Source: 11 / crypt32
    Event Description:
    Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Event Record #/Type18843 / Error
    Event Submitted/Written: 05/06/2008 07:49:34 PM
    Event ID/Source: 11 / crypt32
    Event Description:
    Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Event Record #/Type18702 / Error
    Event Submitted/Written: 05/03/2008 09:55:45 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application firefox.exe, version 1.8.20080.40413, faulting module quicktime.qts, version 7.1.3.100, fault address 0x0006f424.
    Processing media-specific event for [firefox.exe!ws!]



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type27911 / Error
    Event Submitted/Written: 05/08/2008 08:05:32 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The PARCAII service failed to start due to the following error:
    %%20

    Event Record #/Type27910 / Error
    Event Submitted/Written: 05/08/2008 08:05:32 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Parallel port driver service failed to start due to the following error:
    %%1058

    Event Record #/Type27882 / Error
    Event Submitted/Written: 05/08/2008 07:31:07 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The PARCAII service failed to start due to the following error:
    %%20

    Event Record #/Type27881 / Error
    Event Submitted/Written: 05/08/2008 07:31:07 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Parallel port driver service failed to start due to the following error:
    %%1058

    Event Record #/Type27856 / Error
    Event Submitted/Written: 05/08/2008 09:11:25 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The PARCAII service failed to start due to the following error:
    %%20
    -- End of Deckard's System Scanner: finished at 2008-05-08 20:10:52
  • edited May 2008
    The Kaspersky log shows mostly normally locked system functions. Then some infection removed already by various scans done, and some in System Restore as well. We will be clearing all that out shortly. Although you can clear the Java cache for the few other items Kaspersky found, at least one of those is just the Java upgrade activity. Some Firefox error there related to QuickTime - did you add an FF extension, or something else that would call on QuickTime functions?


    Close all open browsers. Then go to Start > Settings > Control Panel > Java and select the General Tab.

    Under Temporary Internet Files, click Settings, then click Delete Files. And OK to close the display.


    As far as infection goes the system looks clean now. Since we have the information and this opportunity, we can check all those startups disabled in msconfig for any orphaned items now.


    Go to Start - Run, type msconfig (and Enter).

    Under the Startup and Services tabs, click Enable All, then Apply/OK to close msconfig. Allow the reboot at this time. You can expect to receive alerts/error messages at reboot after this, but we will be addressing all this during the repairs.


    After the reboot, still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Extra Log, uncheck all the boxes.

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)
  • edited May 2008
    Before you do that enable step, please disable SpySweeper again, and keep it disabled.
  • edited May 2008
    Thank you for the quick replies and support.

    I don't know about anything that would affect the QuickTime player.

    Deckard's System Scanner v20071014.68
    Run by Navid on 2008-05-09 18:15:33
    Computer is in Normal Mode.



    -- HijackThis (run as Navid.exe)

    Logfile of HijackThis v1.99.1
    Scan saved at 6:15:44 PM, on 5/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\vVX6000.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Media Player\setup_wm.exe
    C:\Documents and Settings\Navid\desktop\dss.exe
    C:\DOCUME~1\Navid\Desktop\hd\Navid.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P54 "Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi" /O26 "\\IBM-4CK1TH1RQMI\EPSONSty" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P67 "EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)" /O17 "dlink-fccbe5_9100" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Inside Book] C:\DOCUME~1\Navid\APPLIC~1\FRAGSO~1\DVD DEAD.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jc_all.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jc_link.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161020853843
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161020848656
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3469D179-8861-441E-8AC3-D5319E16984F}: NameServer = 68.94.156.1,68.94.157.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    -- HijackThis Fixed Entries (C:\DOCUME~1\Navid\Desktop\hd\backups\)

    backup-20060530-135205-391 O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
    backup-20060908-174157-621 O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
    backup-20070614-154048-245 O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp387.tmp.dll (file missing)
    backup-20070614-154048-465 O2 - BHO: (no name) - {9ff714ae-3a67-44d1-9325-45db84feabdf} - C:\WINDOWS\system32\icmapi.dll (file missing)
    backup-20070614-154048-548 O2 - BHO: (no name) - {6E51F22A-1EAF-9792-2636-3B9DB5E359B6} - C:\DOCUME~1\Navid\APPLIC~1\16PROG~1\cool user.exe (file missing)
    backup-20080329-205801-180 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    backup-20080329-205801-191 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
    backup-20080329-205801-366 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20080329-205801-596 O16 - DPF: {68459DB3-59C9-449D-815B-65F729385C16} (VoiceSecure Control) - http://www.voice4web.com/vs.cab
    backup-20080329-205801-805 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
    backup-20080329-205801-970 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
    backup-20080508-195846-779 O2 - BHO: Data Collector Toolbar - {ACBD7024-CF3C-495F-9840-244CD16A5826} - C:\WINDOWS\system32\svchost.dll (file missing)
    backup-20080508-195846-925 O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Navid\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)

    -- File Associations

    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys <Not Verified; JMicron; SCSI Port upper filter driver>
    R0 JRAID - c:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JR036X RAID Driver>
    R1 NetworkX - c:\windows\system32\ckldrv.sys
    R2 CANNT - c:\windows\system32\drivers\cannt.sys <Not Verified; Noregon Systems; Noregon RP1210A API>
    R2 CATLNKNT - c:\windows\system32\drivers\catlnknt.sys <Not Verified; Noregon Systems; Noregon RP1210A API>
    R2 DLADRVNT - c:\windows\system32\drivers\dladrvnt.sys <Not Verified; Noregon Systems; Noregon RP1210A API>
    R2 DLASIPNT - c:\windows\system32\drivers\dlasipnt.sys <Not Verified; Noregon Systems; Noregon RP1210A API>
    R2 J1708NT - c:\windows\system32\drivers\j1708nt.sys <Not Verified; Noregon Systems; Noregon RP1210A API>
    R2 J1939NT - c:\windows\system32\drivers\j1939nt.sys <Not Verified; Noregon Systems; Noregon RP1210A API>
    R2 PCSMHNT - c:\windows\system32\drivers\pcsmhnt.sys <Not Verified; Noregon Systems; Noregon RP1210A API>

    S2 PARCAII - c:\windows\system32\drivers\parcaii.sys <Not Verified; Noregon Systems\Vansco Electronics; RP1210A API the CAII>
    S3 catchme - c:\docume~1\navid\locals~1\temp\catchme.sys (file missing)
    S3 Motorola_NA USBLAN - c:\windows\system32\drivers\motblan.sys (file missing)
    S3 MotoSwitchService (MotoSwitch Service) - c:\windows\system32\drivers\motswch.sys <Not Verified; Motorola INC.; Motorola Switching Filter Driver>
    S3 MRVW245 (Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)) - c:\windows\system32\drivers\wn121txp.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>
    S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
    S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Crypkey License - crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
    R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


    -- Device Manager: Disabled

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 6270
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6270
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Scheduled Tasks

    2008-05-06 22:32:00 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-04-09 and 2008-05-09

    2008-05-08 02:40:20 0 d
    C:\Documents and Settings\All Users\Application Data\Electronic Technician
    2008-05-08 01:12:32 0 d
    C:\Documents and Settings\All Users\Application Data\Btrieve Technologies
    2008-05-08 01:11:54 32768
    n--- C:\WINDOWS\system32\REGTOOL5.DLL <Not Verified; Microsoft Corporation; Registry Access Functions>
    2008-05-08 01:11:54 40000
    n--- C:\WINDOWS\system32\drivers\PCSMHNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 14602
    n--- C:\WINDOWS\system32\drivers\PARCAII.SYS <Not Verified; Noregon Systems\Vansco Electronics; RP1210A API the CAII>
    2008-05-08 01:11:54 24320
    n--- C:\WINDOWS\system32\drivers\J1939NT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 23296
    n--- C:\WINDOWS\system32\drivers\J1708NT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 82752
    n--- C:\WINDOWS\system32\drivers\DLASIPNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 32832
    n--- C:\WINDOWS\system32\drivers\DLADRVNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 23712
    n--- C:\WINDOWS\system32\drivers\CATLNKNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 23584
    n--- C:\WINDOWS\system32\drivers\CANNT.SYS <Not Verified; Noregon Systems; Noregon RP1210A API>
    2008-05-08 01:11:54 192512
    n--- C:\WINDOWS\system32\CAIIDirect.dll <Not Verified; ; CCADirect Dynamic Link Library>
    2008-05-08 01:11:54 286773
    n--- C:\WINDOWS\CATserv.exe <Not Verified; Noregon Systems\Vansco Electronics; RP1210A API for the CAII>
    2008-05-08 01:11:53 299066
    n--- C:\WINDOWS\ca2rp32.dll <Not Verified; Noregon Systems\Vansco Electronics; RP1210A API for the CAII>
    2008-05-08 01:11:53 26976
    n--- C:\WINDOWS\CA2RP.DLL
    2008-05-08 01:11:53 0 d
    C:\Program Files\Caterpillar Inc
    2008-05-08 01:11:44 52224 --a
    C:\WINDOWS\system32\Crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
    2008-05-08 01:11:44 24608 --a
    C:\WINDOWS\system32\Ckldrv.sys
    2008-05-08 01:11:44 27648 -ra
    C:\WINDOWS\Setup_ck.exe
    2008-05-08 01:11:44 18432 --a
    C:\WINDOWS\Setup_ck.dll
    2008-05-08 01:11:44 11776 --a
    C:\WINDOWS\Ckrfresh.exe
    2008-05-08 01:11:44 165888 --a
    C:\WINDOWS\Ckconfig.exe <Not Verified; Kenonic Controls; CKCONFIG Application>
    2008-05-08 01:11:13 0 d
    C:\Program Files\Bennet-Tec
    2008-05-08 01:11:04 0 d
    C:\Program Files\Common Files\Offboard Information Products
    2008-05-08 01:11:04 0 d
    C:\Documents and Settings\All Users\Application Data\Offboard Information Products
    2008-05-08 01:11:03 0 d
    C:\Program Files\Caterpillar Electronic Technician
    2008-05-06 23:07:07 0 d
    C:\WINDOWS\ERUNT
    2008-05-05 23:49:53 0 d--h
    C:\$AVG8.VAULT$
    2008-05-05 23:45:07 0 d
    C:\Program Files\AVG
    2008-05-05 23:45:07 0 d
    C:\Documents and Settings\All Users\Application Data\avg8
    2008-04-27 13:17:07 0 d
    C:\Documents and Settings\Navid\.SunDownloadManager
    2008-04-26 22:57:36 0 d
    C:\Documents and Settings\Navid\Application Data\skypePM
    2008-04-26 22:57:36 32 --a
    C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-04-26 22:56:23 0 d
    C:\Documents and Settings\Navid\Application Data\Skype
    2008-04-26 22:56:11 0 d
    C:\Program Files\Skype
    2008-04-26 22:56:11 0 d
    C:\Program Files\Common Files\Skype
    2008-04-26 22:56:01 0 d
    C:\Documents and Settings\All Users\Application Data\Skype
    2008-04-21 01:43:14 0 d
    C:\Program Files\Common Files\xing shared
    2008-04-17 19:47:17 0 d
    C:\epson
    2008-04-12 21:05:14 0 d
    C:\Program Files\EPSON


    -- Find3M Report

    2008-05-09 18:13:03 0 d
    C:\Program Files\Symantec AntiVirus
    2008-05-09 18:10:36 0 d
    C:\Documents and Settings\Navid\Application Data\DNA
    2008-05-08 01:15:17 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-05-08 01:11:04 0 d
    C:\Program Files\Common Files
    2008-05-05 23:36:03 0 d
    C:\Program Files\Common Files\Adobe
    2008-04-21 01:43:09 0 d
    C:\Program Files\Common Files\Real
    2008-04-18 15:48:11 0 d
    C:\Documents and Settings\Navid\Application Data\Real
    2008-04-08 01:12:57 0 d
    C:\Program Files\Windows Live
    2008-04-08 01:12:26 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-08 00:48:11 0 d
    C:\Program Files\Project64 1.6
    2008-04-06 02:31:07 0 d
    C:\Program Files\Common Files\DirectX
    2008-04-04 23:48:22 0 d
    C:\Documents and Settings\Navid\Application Data\BitTorrent
    2008-04-04 23:01:54 0 d
    C:\Program Files\Sunbelt Software
    2008-04-04 22:45:44 0 d
    C:\Program Files\DAP
    2008-04-04 22:43:50 50688 --a
    C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
    2008-04-03 21:54:03 0 d
    C:\Documents and Settings\Navid\Application Data\Hamachi
    2008-03-31 00:40:45 0 d
    C:\Documents and Settings\Navid\Application Data\Malwarebytes
    2008-03-31 00:40:37 0 d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-29 21:45:23 39 --ah
    C:\WINDOWS\smth
    2008-03-29 21:44:05 0 d
    C:\Program Files\VITO Technology
    2008-03-29 20:51:42 0 d--h
    C:\Program Files\WindowsUpdate
    2008-03-28 11:40:40 0 d
    C:\Program Files\Common Files\Totem Shared
    2008-03-27 22:12:11 0 d
    C:\Program Files\CCleaner
    2008-03-26 14:34:59 0 d
    C:\Program Files\TomTom HOME
    2008-03-26 14:31:03 0 d
    C:\Documents and Settings\Navid\Application Data\TomTom
    2008-03-26 14:30:49 0 d
    C:\Program Files\TomTom HOME 2
    2008-03-26 13:47:58 0 d
    C:\Program Files\TomTom DesktopSuite
    2008-03-23 19:02:28 2550 --a
    C:\WINDOWS\unins000.dat
    2008-03-23 18:45:28 691545 --a
    C:\WINDOWS\unins000.exe
    2008-03-22 04:19:46 0 d
    C:\Program Files\Microsoft LifeCam
    2008-03-19 21:42:28 0 d
    C:\Documents and Settings\Navid\Application Data\Teleca
    2008-03-19 21:30:02 0 d
    C:\Documents and Settings\Navid\Application Data\VoipBuster
    2008-03-15 10:46:22 0 d
    C:\Documents and Settings\Navid\Application Data\Adobe
    2008-03-15 10:41:13 0 d
    C:\Program Files\BitTorrent
    2008-03-15 10:41:10 0 d
    C:\Program Files\DNA


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" []
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 02:41 AM]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 02:41 AM]
    "RTHDCPL"="RTHDCPL.EXE" [01/29/2008 04:47 PM C:\WINDOWS\RTHDCPL.exe]
    "PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [05/28/2007 11:14 AM]
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [10/13/2006 05:01 PM]
    "VX6000"="C:\WINDOWS\vVX6000.exe" [10/13/2006 05:04 PM]
    "nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\system32\nwiz.exe]
    "EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "Auto EPSON Stylus Photo R300 Series on ibm-4ck1th1rqmi"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "EPSON Stylus Photo R300 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/21/2008 01:42 AM]
    "EPSON Stylus Photo R300 Series on DPR1260 (dlink-fccbe5 USB Port_1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [10/06/2004 05:56 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [11/08/2006 02:27 PM]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
    "GBB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [06/02/2006 01:46 AM]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/09/2004 08:31 PM]
    "Alcmtr"="ALCMTR.EXE" [05/03/2005 07:43 PM C:\WINDOWS\Alcmtr.exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpySweeper"="D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [08/31/2004 09:49 AM]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/08/2008 09:10 AM]
    "Inside Book"="C:\DOCUME~1\Navid\APPLIC~1\FRAGSO~1\DVD DEAD.exe" []
    "AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 03:35 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [1/11/2008 10:16:38 PM]
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [5/11/2007 12:29:22 AM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"




    -- End of Deckard's System Scanner: finished at 2008-05-09 18:16:06
  • edited May 2008
    Not too bad - much fewer registry remnants than I normally see. Just an updater and some leftover Lop adware startups to fix now. And a few other orphans.

    Close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    O4 - HKCU\..\Run: [Inside Book] C:\DOCUME~1\Navid\APPLIC~1\FRAGSO~1\DVD DEAD.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)



    Then best to be sure on that Lop folder, though likely long gone.


    Go to Start > Run and type:

    cmd.exe

    and ok. Copy and paste the below string after the prompt >

    dir /s /a "c:\FRAGSO*.*" > c:\find.txt & start notepad c:\find.txt

    Your drive will be scanned and when finished, Notepad will pop up with some information. Copy and paste it in this thread.
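
As an added example (not part of the thread and not HijackThis's own logic): a small Python triage of HijackThis entries using two heuristics that match most of the lines listed for fixing above, namely orphans marked `(file missing)` or `(no file)` and startup entries launched from a per-user profile folder. The heuristics, the function name `triage` and the reason labels are assumptions of this example; the sample lines are copied from the log and fix list in this thread.

```python
import re

# Lines copied from the HijackThis log and the fix list in this thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Inside Book] C:\DOCUME~1\Navid\APPLIC~1\FRAGSO~1\DVD DEAD.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# A HijackThis entry starts with a section code such as R1, O4 or O23,
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)

# Per-user writable locations on Windows XP, in long and 8.3 short form.
PROFILE_RE = re.compile(
    r"\\(?:Documents and Settings|DOCUME~\d)\\[^\\]+\\"
    r"(?:Application Data|APPLIC~\d|Local Settings|LOCALS~\d)\\",
    re.IGNORECASE,
)

# Sections that start code automatically (assumption of this example:
# O4 startup entries, O20 Winlogon Notify, O21 SSODL, O23 services).
AUTOSTART_CODES = {"O4", "O20", "O21", "O23"}


def triage(log_text):
    """Return (code, reasons, body) for each entry worth a manual review."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # headers, process list, blank lines, other report sections
        code, body = match.group("code"), match.group("body")
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphan")
        if code in AUTOSTART_CODES and PROFILE_RE.search(body):
            reasons.append("autostart-from-user-profile")
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG):
        print(f"{code:<4} {','.join(reasons):<28} {body}")
```

A flag is a prompt to review the entry, not a verdict: the `[Name of App]` updater line in the fix list above matches neither heuristic, and legitimate software can also start from a profile folder.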
  • edited May 2008
    Volume in drive C has no label.
    Volume Serial Number is 7082-1112

    Directory of c:\Program Files

    02/05/2007 04:00 PM <DIR> Frag soft dupe
    0 File(s) 0 bytes

    Total Files Listed:
    0 File(s) 0 bytes
    1 Dir(s) 37,174,046,720 bytes free
  • edited May 2008
    A now empty folder remaining. Navigate to (right click Start, left click Explore and use the + symbols to expand the list) the following folder and delete it:

    c:\Program Files\Frag soft dupe


    Looks good now. You did well. Before we clean up our work, how are things running there?
  • edited May 2008
    MUCH better than before!

    Thank you SO VERY MUCH

    Can you tell me which firewall to have on?
  • edited May 2008
    If your Norton install includes a firewall that will be fine. You can also review the security tips Here, which includes a link to other software if needed.


    For cleanup now, Kaspersky and MBAM, if you don't plan to use them again, uninstall through Add/Remove Programs. Though you may opt to keep MBAM for periodic updated scans there.

    You can also at this time delete the files/folders of the tools we used. To assist with some of that download OTMoveIt2 and save the file to your desktop. This will help by automatically removing some of the tools we used.

    Please double-click OTMoveIt.exe to run it and click on Cleanup (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator"). When you do this, a list of malware removal programs will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has downloaded, you'll be asked if you want to begin cleanup process? Select Yes.

    OTMoveIt will search for and delete/uninstall all the tools that we have used to fix your problems and all their backup folders and then delete itself when you next reboot. At the end of the run you will receive a prompt to reboot, but save that for the next step resetting Restore.


    Then reset the System Restore. To do this, right-click My Computer and select Properties. Click the System Restore tab in the window that appears, and check the box that says "Turn off System Restore on all drives" and click Apply.

    You will be asked if you are sure, click Yes. This will delete the restore points. Then click OK in the Properties window and reboot your computer.

    When your desktop appears, right-click My Computer and select Properties once more. Uncheck the "Turn off System Restore..." box and click Apply. OK.

    That should do it.