
trojan.w32.looksky please help... [CLOSED]


This topic is locked.

#1
zdanska
    New Member
Hello, I am new to the site and need some help.

Since two days ago I have always gotten a pop-up message every time I turn on my computer, like:

Security Warning!

Trojan.W32.Looksky detected on your machine. This virus is distributed via the Internet through e-mail and Active-X objects. The worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.
This process should be removed from your system.

and

Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista
Security risk (0-5): 5
Recommendations: Click Yes to remove it from your PC immediately.

I've downloaded ComboFix and SUPERAntiSpyware and followed all the instructions step by step, but again and again I kept getting the pop-up message, and it changed my desktop background too. I ran ComboFix three times; is that OK?



Here is my last HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:28 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BillingExplorer Ver 4.43 DeskPro 4.0\billing16.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...a...&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: wmpenv - {B75C69B9-E6E2-4759-878E-37E2BB21F2A6} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {288A45DA-FA02-4110-9025-569438C10762} - C:\WINDOWS\wmpconf.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5797 bytes




This is my last ComboFix log:

ComboFix 07-08-09.3 - "Danny" 2007-08-11 2:45:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.159 [GMT 7:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Danny\Desktop.\Spyware&Malware Protection.url
C:\DOCUME~1\Danny\Desktop\Error Cleaner.url
C:\DOCUME~1\Danny\Desktop\Privacy Protector.url
C:\DOCUME~1\Danny\FAVORI~1.\Error Cleaner.url
C:\DOCUME~1\Danny\FAVORI~1.\Privacy Protector.url
C:\DOCUME~1\Danny\FAVORI~1.\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm


((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


2007-08-10 22:16 15 --a------ C:\WINDOWS\system32\mslck.dat
2007-08-10 22:09 12 --a------ C:\WINDOWS\system32\Mlkf.dll
2007-08-10 22:07 153,088 --a------ C:\WINDOWS\system32\fldlckun.exe
2007-08-10 22:07 <DIR> d-------- C:\Program Files\FolderAccess
2007-08-10 22:03 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-08-10 21:47 38,400 --a------ C:\WINDOWS\system32\UUCODE32.DLL
2007-08-10 21:47 <DIR> d-------- C:\Program Files\BillingExplorer Ver 4.43 DeskPro 4.0
2007-08-10 20:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-10 20:04 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-10 19:33 158,752 --a------ C:\DOCUME~1\Danny\APPLIC~1\installer_en[1].exe
2007-08-10 19:29 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-10 19:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-10 19:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-10 19:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-10 19:02 <DIR> d-------- C:\DOCUME~1\Danny\APPLIC~1\SUPERAntiSpyware.com
2007-08-10 18:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 18:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-10 18:08 <DIR> d-------- C:\Deckard
2007-08-10 17:52 <DIR> d-------- C:\SmitfraudFix
2007-08-10 17:42 888,569 --a------ C:\SmitfraudFix.exe
2007-08-10 17:29 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-10 17:24 1,814 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-10 17:04 <DIR> d-------- C:\Program Files\Microsoft AntiSpyware
2007-08-10 16:38 610,304 --a------ C:\WINDOWS\system32\eraser.dll
2007-08-10 16:38 282,624 --a------ C:\WINDOWS\system32\erasext.dll
2007-08-10 16:38 233,472 --a------ C:\WINDOWS\system32\eraserl.exe
2007-08-10 16:38 <DIR> d-------- C:\Program Files\Eraser
2007-08-10 13:12 <DIR> d-------- C:\Program Files\Crawler
2007-08-10 11:16 <DIR> d-------- C:\DOCUME~1\Danny\APPLIC~1\TrustedAntivirus
2007-08-10 11:15 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-08-10 11:15 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-08-10 05:41 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-08-10 05:41 36,864 --a------ C:\WINDOWS\system32\LckFldService.exe
2007-08-10 04:07 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-10 03:56 221,184 --a------ C:\WINDOWS\wmpconf.dll
2007-08-10 03:56 188,416 --a------ C:\WINDOWS\wmpenv.dll
2007-08-10 02:25 77,824 --a------ C:\WINDOWS\system32\FLKill.exe
2007-08-10 02:25 256 --a------ C:\sccfg.sys
2007-08-10 02:25 <DIR> d-------- C:\Program Files\Folder Lock
2007-08-10 02:19 282,624 --a------ C:\WINDOWS\system32\wgp.exe
2007-08-10 02:19 212,992 --a------ C:\WINDOWS\system32\wodShellMenu.dll
2007-08-08 18:32 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-08 08:39 <DIR> d-------- C:\DOCUME~1\Danny\APPLIC~1\Google
2007-08-08 08:38 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-08-08 08:38 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-08 08:38 <DIR> d-------- C:\Program Files\Google
2007-08-08 08:38 <DIR> d-------- C:\Program Files\DAP
2007-08-08 08:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-08 01:22 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-08-08 01:22 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-08-08 01:22 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-08-08 01:22 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-08-08 01:22 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2007-08-08 01:22 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2007-08-08 01:22 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2007-08-08 01:22 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-08-08 01:22 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-08-08 01:22 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-08-08 01:22 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2007-08-08 01:22 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-08-07 09:01 <DIR> d-------- C:\DOCUME~1\Danny\APPLIC~1\ACD Systems
2007-08-07 09:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
2007-08-07 08:59 <DIR> d-------- C:\Program Files\ACD Systems
2007-08-06 21:23 <DIR> d---s---- C:\DOCUME~1\Danny\UserData
2007-08-06 13:50 <DIR> d-------- C:\WINDOWS\ShellNew
2007-08-06 13:50 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-08-06 13:25 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-08-06 13:25 <DIR> d-------- C:\Program Files\Winamp
2007-08-03 18:15 <DIR> d-------- C:\DOCUME~1\Danny\APPLIC~1\MSN6
2007-08-03 18:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
2007-08-02 15:49 77,824 --a------ C:\WINDOWS\system32\ODBCTL32.dll
2007-08-02 15:49 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-08-02 15:49 403,216 --a------ C:\WINDOWS\system32\MsRepl35.dll
2007-08-02 15:49 37,136 --a------ C:\WINDOWS\system32\MSJInt35.dll
2007-08-02 15:49 29,696 --a------ C:\WINDOWS\system32\VB5StKit.dll
2007-08-02 15:49 251,664 --a------ C:\WINDOWS\system32\MSRD2x35.dll
2007-08-02 15:49 24,336 --a------ C:\WINDOWS\system32\MSJtEr35.dll
2007-08-02 15:49 1,039,360 --a------ C:\WINDOWS\system32\MSJet35.dll
2007-08-02 14:53 <DIR> d--hs---- C:\RECYCLER
2007-08-02 14:42 <DIR> d-------- C:\client
2007-08-02 13:18 <DIR> d-------- C:\DOCUME~1\Danny\APPLIC~1\Lavasoft
2007-08-02 13:18 <DIR> d-------- C:\Ad-Aware SE Personal
2007-08-02 12:54 83,672 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-02 12:54 73,224 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-02 12:54 <DIR> d-------- C:\WINDOWS\system32\CBA
2007-08-02 12:54 <DIR> d-------- C:\Program Files\Symantec
2007-08-02 12:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-02 12:53 <DIR> d-------- C:\Program Files\Symantec_Client_Security
2007-08-02 12:53 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-02 12:51 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-02 12:51 <DIR> d-------- C:\Program Files\Yahoo!
2007-08-02 12:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-08-02 12:50 2,775 --a------ C:\WINDOWS\mozver.dat
2007-08-01 21:01 32 --a------ C:\WINDOWS\popcinfo.dat
2007-07-30 23:49 65,536 --a------ C:\WINDOWS\system32\sonypvi3.dll
2007-07-30 23:49 64,964 --a------ C:\WINDOWS\system32\drivers\sonypvd3.sys
2007-07-30 23:49 619,390 --a------ C:\WINDOWS\system32\drivers\sonypvf3.sys
2007-07-30 23:49 423,454 --a------ C:\WINDOWS\system32\drivers\sonypvt3.sys
2007-07-30 23:49 4,464 --a------ C:\WINDOWS\system32\SonyPVC3.dll
2007-07-30 23:49 18,110 --a------ C:\WINDOWS\system32\drivers\sonypvl3.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 11:35]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-08-08 08:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 14:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmpenv"= {C4B187F6-D5B1-4EEB-AD91-8CDD48F4F651} - C:\WINDOWS\wmpenv.dll [2007-08-10 00:43 188416]
"wmpconf"= {EF30A982-A319-4258-A9D9-CCCEB89FE253} - C:\WINDOWS\wmpconf.dll [2007-08-10 00:43 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurePCCleaner]
C:\Program Files\SecurePCCleaner\GDC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys
R2 NAVAPEL;NAVAPEL;\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
R3 NAVAP;NAVAP;\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
S3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0917d714-454f-11dc-b1c4-001921f55535}]
AutoRun\command- My Zodiak v03A Setup.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 02:48:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 2:49:10
C:\ComboFix-quarantined-files.txt ... 2007-08-11 02:48
C:\ComboFix2.txt ... 2007-08-10 18:44

--- E O F ---




This is a SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/11/2007 at 03:57 AM

Application Version : 3.9.1008

Core Rules Database Version : 3283
Trace Rules Database Version: 1294

Scan type : Complete Scan
Total Scan Time : 01:02:00

Memory items scanned : 319
Memory threats detected : 0
Registry items scanned : 5540
Registry threats detected : 28
File items scanned : 42542
File threats detected : 14

Trojan.Net-MSV/VPS-G
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\InprocServer32
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\InprocServer32#ThreadingModel
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\ProgID
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\Programmable
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\TypeLib
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\VersionIndependentProgID
C:\WINDOWS\DUOCORE.DLL

Trojan.VideoCach/Gen
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\win32
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\FLAGS
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\HELPDIR
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib#Version
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version

Trojan.Net-MSV/VPS
HKCR\MSVPS.MSVPSApp
HKCR\MSVPS.MSVPSApp\CLSID
HKCR\MSVPS.MSVPSApp\CurVer

Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger
C:\Documents and Settings\Danny\Favorites\Error Cleaner.url
C:\Documents and Settings\Danny\Favorites\Privacy Protector.url
C:\Documents and Settings\Danny\Favorites\Spyware&Malware Protection.url
C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\CAPT.GIF.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\DANGER.JPG.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\DOWN.GIF.VIR


Is there anything I should do to kill this? I hope I've given enough information about it.
Thanks a million if someone could help me.



Regards,
Danny Zakaria

Edited by zdanska, 11 August 2007 - 05:32 AM.
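The log above is the kind of thing a helper reads by hand, entry class by entry class. As an added example (not code from the original post and not part of Trend Micro HijackThis), the Python script below runs the same first pass over HijackThis-style lines copied from that log: it flags IE start/search pages that point at a URL, BHOs registered without a name or loaded from a DLL sitting directly in C:\WINDOWS, O17 NameServer addresses that are not on a trusted list the caller supplies, every O21 ShellServiceObjectDelayLoad entry (a logon-time load point into Explorer that legitimate software rarely uses), and services reported with an unknown owner. The heuristics and the trusted-DNS list are assumptions of the example; a flag means "look at this", not "this is malware".

```python
"""HijackThis log triage. Added example; not code from the original post or from
Trend Micro HijackThis. A flag means "look at this", not "this is malware"."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...a...&tbid=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O21 - SSODL: wmpenv - {B75C69B9-E6E2-4759-878E-37E2BB21F2A6} - C:\WINDOWS\wmpenv.dll
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

WINDOWS_ROOT = "c:\\windows"  # assumption: system drive is C:

BHO_RE = re.compile(r"O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$")
SSODL_RE = re.compile(r"O21 - SSODL: (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([\d.,]+)")


@dataclass
class Finding:
    item: str    # HijackThis entry class, e.g. "O21"
    reason: str
    line: str


def _in_windows_root(path: str) -> bool:
    """True when a module sits directly in C:\\WINDOWS rather than in a subfolder;
    shell extensions installed by real vendors almost never live there."""
    head, _, _ = path.strip().strip('"').lower().rpartition("\\")
    return head == WINDOWS_ROOT


def triage(log_text: str, trusted_dns: frozenset[str] = frozenset()) -> list[Finding]:
    """Return the entries a helper would look at first, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        code = line.split(" ", 1)[0]
        if code in ("R0", "R1"):
            # about:blank is fine; a URL has replaced the user's page or search provider.
            value = line.split("=", 1)[1].strip() if "=" in line else ""
            if value.lower().startswith("http"):
                findings.append(Finding(code, "IE start/search page points to a URL", line))
        elif code == "O2":
            m = BHO_RE.match(line)
            if m:
                name, path = m.groups()
                if name == "(no name)":
                    findings.append(Finding(code, "BHO registered without a name", line))
                if _in_windows_root(path):
                    findings.append(Finding(code, "BHO DLL loaded from the Windows root", line))
        elif code == "O17":
            m = NAMESERVER_RE.search(line)
            if m:
                unknown = [s for s in m.group(1).split(",") if s and s not in trusted_dns]
                if unknown:
                    findings.append(Finding(code, "DNS servers not on the trusted list: " + ",".join(unknown), line))
        elif code == "O21":
            # ShellServiceObjectDelayLoad: loaded into Explorer at every logon.
            m = SSODL_RE.match(line)
            reason = "ShellServiceObjectDelayLoad entry (loads into Explorer at logon)"
            if m and _in_windows_root(m.group(2)):
                reason += "; DLL is in the Windows root"
            findings.append(Finding(code, reason, line))
        elif code == "O23" and " - Unknown owner - " in line:
            findings.append(Finding(code, "service with no vendor information", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.item}: {f.reason}\n    {f.line}")
```

Pass the ISP's resolvers as `trusted_dns` so the O17 lines only fire when the addresses differ from what the connection should be using; with an empty set every NameServer entry is listed for verification, which is the right default when you do not know the machine.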



#2
don77
    Malware Expert (Retired Staff)
Hello Danny, and welcome.
I see you downloaded SmitfraudFix; did you run it?
Let's do this.

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log back here for me.

IMPORTANT: Do NOT run any other options until you are asked to do so!

#3
zdanska
    New Member (Topic Starter)
SmitFraudFix v2.210

Scan done at 18:47:12.34, Sat 08/11/2007
Run from C:\Documents and Settings\Danny\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BillingExplorer Ver 4.43 DeskPro 4.0\billing16.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

#4
don77
    Malware Expert (Retired Staff)
That log got cut off; could you post it again, please?

#5
zdanska
    New Member (Topic Starter)
Sorry.. Here it is:


SmitFraudFix v2.210

Scan done at 18:47:12.34, Sat 08/11/2007
Run from C:\Documents and Settings\Danny\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BillingExplorer Ver 4.43 DeskPro 4.0\billing16.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\main_uninstaller.exe FOUND !
C:\WINDOWS\privacy_danger FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Danny


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Danny\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Danny\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="about:home"
"SubscribedURL"="about:home"
"FriendlyName"="my current home page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 124.81.123.110
DNS Server Search Order: 202.155.0.20

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer=124.81.123.110,202.155.0.20
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer=124.81.123.110,202.155.0.20
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer=124.81.123.110,202.155.0.20


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#6
don77
    Malware Expert (Retired Staff)
Thank you. I would like to see another log as well, please: after you run the fix with SmitfraudFix, I would like to see a DSS log.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.


Also a DSS log, please.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
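The clean run writes a second rapport.txt, and the thing to check in it is whether everything the search run reported as FOUND was actually reported Deleted, and what survived the run untouched. As an added example (not part of SmitfraudFix by S!Ri and not part of these instructions), the Python script below compares the two reports: it lists found-but-not-deleted paths, the NameServer addresses that still appear after cleaning (in this thread they are listed identically before and after, so they have to be checked against the ISP's resolvers by hand), and whether the Desktop Components Source pointed at a local file, which is the hijacked desktop background. The two report excerpts are constructed to mirror the format of the reports in this thread (the Source value is taken from the hijacked form ComboFix reported earlier); the trusted-DNS set is an assumption.

```python
"""Check a SmitfraudFix clean run against its search run. Added example; not part
of SmitfraudFix (by S!Ri) or of the instructions in this thread."""
from __future__ import annotations

import re

# Constructed excerpts modelled on the rapport.txt reports in this thread
# (search run = option 1, clean run = option 2). The Source value shows the
# hijacked form reported by ComboFix earlier in the thread.
SEARCH_REPORT = r"""
C:\WINDOWS\main_uninstaller.exe FOUND !
C:\WINDOWS\privacy_danger FOUND !

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="file:///C:\WINDOWS\privacy_danger\index.htm"
"FriendlyName"="Privacy Protection"

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer=124.81.123.110,202.155.0.20
"""

CLEAN_REPORT = r"""
C:\WINDOWS\main_uninstaller.exe Deleted
C:\WINDOWS\privacy_danger\ Deleted

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer=124.81.123.110,202.155.0.20

Registry Cleaning done.
"""

FOUND_RE = re.compile(r"^(.*?)\s+FOUND !$")
DELETED_RE = re.compile(r"^(.*?)\s+Deleted$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([\d.,]+)")
SOURCE_RE = re.compile(r'^"Source"="(.*)"$')


def _norm(path: str) -> str:
    """Case-insensitive compare; the clean report prints directories with a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def _collect(report: str, pattern: re.Pattern[str]) -> set[str]:
    hits: set[str] = set()
    for line in report.splitlines():
        m = pattern.match(line.strip())
        if m:
            hits.add(_norm(m.group(1)))
    return hits


def found_items(report: str) -> set[str]:
    return _collect(report, FOUND_RE)


def deleted_items(report: str) -> set[str]:
    return _collect(report, DELETED_RE)


def dns_servers(report: str) -> set[str]:
    servers: set[str] = set()
    for m in NAMESERVER_RE.finditer(report):
        servers.update(s for s in m.group(1).split(",") if s)
    return servers


def desktop_source(report: str) -> str | None:
    for line in report.splitlines():
        m = SOURCE_RE.match(line.strip())
        if m:
            return m.group(1)
    return None


def desktop_hijacked(source: str | None) -> bool:
    # The rogue installs a local HTML page as the Active Desktop component;
    # the default value is about:home.
    return source is not None and source.lower().startswith("file:")


def residue(search_report: str, clean_report: str,
            trusted_dns: frozenset[str] = frozenset()) -> dict:
    """What is left to look at after the clean run."""
    return {
        "not_deleted": sorted(found_items(search_report) - deleted_items(clean_report)),
        "dns_unverified": sorted(dns_servers(clean_report) - trusted_dns),
        "desktop_hijacked": desktop_hijacked(desktop_source(search_report)),
    }


if __name__ == "__main__":
    for key, value in residue(SEARCH_REPORT, CLEAN_REPORT).items():
        print(f"{key}: {value}")
```

An empty `not_deleted` list only says the tool reported deleting what it reported finding; the DNS addresses and anything the search run did not look for (the SSODL DLLs and BHO in the HijackThis log above) still need the follow-up logs the helper asked for.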


#7
zdanska
    New Member (Topic Starter)
SmitFraudFix v2.210

Scan done at 19:01:07.12, Sat 08/11/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\main_uninstaller.exe Deleted
C:\WINDOWS\privacy_danger\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer=124.81.123.110,202.155.0.20
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer=124.81.123.110,202.155.0.20
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer=124.81.123.110,202.155.0.20


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Deckard's System Scanner v20070809.63
Run by Danny on 2007-08-11 at 19:12:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Danny.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:32 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Danny\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Danny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...a...&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: wmpenv - {E1AE036B-A4B7-4CC0-B53B-B758C69CE44F} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {6A60D9F0-54C7-4AA1-877B-72BB0E11D893} - C:\WINDOWS\wmpconf.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5571 bytes

-- Files created between 2007-07-11 and 2007-08-11 -----------------------------

2007-08-11 19:08:25 32256 --a------ C:\WINDOWS\main_uninstaller.exe
2007-08-11 19:08:25 188416 --a------ C:\WINDOWS\duocore.dll <Not Verified; ; BhoNew Module>
2007-08-11 15:27:47 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-11 15:27:46 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-11 15:27:46 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-08-11 15:27:41 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-08-11 15:27:41 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-08-11 10:33:50 0 d-------- C:\New Folder
2007-08-10 22:16:32 15 --a------ C:\WINDOWS\system32\mslck.dat
2007-08-10 22:09:41 12 --a------ C:\WINDOWS\system32\Mlkf.dll
2007-08-10 22:07:14 153088 --a------ C:\WINDOWS\system32\fldlckun.exe
2007-08-10 22:07:14 0 d-------- C:\Program Files\FolderAccess
2007-08-10 22:03:39 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-08-10 21:47:08 38400 --a------ C:\WINDOWS\system32\UUCODE32.DLL <Not Verified; Catalyst Development Corporation; Catalyst SocketTools>
2007-08-10 21:47:08 0 d-------- C:\Program Files\BillingExplorer Ver 4.43 DeskPro 4.0
2007-08-10 20:04:10 0 d-------- C:\WINDOWS\system32\PreInstall
2007-08-10 20:04:08 0 d--h----- C:\WINDOWS\$hf_mig$
2007-08-10 19:29:55 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-10 19:03:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-08-10 19:02:59 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-10 19:02:59 0 d-------- C:\Documents and Settings\Danny\Application Data\SUPERAntiSpyware.com
2007-08-10 19:02:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-10 18:25:51 0 d-------- C:\Program Files\Trend Micro
2007-08-10 17:52:15 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-08-10 17:42:02 888569 --a------ C:\SmitfraudFix.exe
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-10 17:29:43 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-10 17:29:43 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-10 17:29:43 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-10 17:29:43 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-10 17:29:43 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-10 17:29:43 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-10 17:29:43 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-10 17:29:43 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-10 17:29:43 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-10 17:24:36 1814 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-10 17:04:12 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-08-10 16:38:16 233472 --a------ C:\WINDOWS\system32\eraserl.exe <Not Verified; -; Eraser>
2007-08-10 16:38:15 282624 --a------ C:\WINDOWS\system32\erasext.dll <Not Verified; -; Eraser>
2007-08-10 16:38:15 610304 --a------ C:\WINDOWS\system32\eraser.dll <Not Verified; -; Eraser>
2007-08-10 16:38:14 0 d-------- C:\Program Files\Eraser
2007-08-10 13:12:04 0 d-------- C:\Program Files\Crawler
2007-08-10 11:16:09 0 d-------- C:\Documents and Settings\Danny\Application Data\TrustedAntivirus
2007-08-10 05:41:54 36864 --a------ C:\WINDOWS\system32\LckFldService.exe <Not Verified; ; LckFldService>
2007-08-10 05:41:53 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2007-08-10 03:56:28 188416 --a------ C:\WINDOWS\wmpenv.dll <Not Verified; ; IEXPLORE>
2007-08-10 03:56:28 221184 --a------ C:\WINDOWS\wmpconf.dll
2007-08-10 02:25:58 256 --a------ C:\sccfg.sys
2007-08-10 02:25:53 77824 --a------ C:\WINDOWS\system32\FLKill.exe <Not Verified; USPTO; Project1>
2007-08-10 02:25:51 0 d-------- C:\Program Files\Folder Lock
2007-08-10 02:19:55 212992 --a------ C:\WINDOWS\system32\wodShellMenu.dll <Not Verified; WeOnlyDo! COM; wodShellMenu Component>
2007-08-10 02:19:55 282624 --a------ C:\WINDOWS\system32\wgp.exe <Not Verified; WGP Security Software; WinGuard Pro>
2007-08-09 17:35:49 0 d-------- C:\WINDOWS\Sun
2007-08-09 17:35:49 0 d-------- C:\Documents and Settings\Danny\Application Data\Sun
2007-08-09 17:34:49 0 d-------- C:\Program Files\Java
2007-08-09 17:11:08 0 d-------- C:\Program Files\Common Files\Java
2007-08-08 18:32:04 0 d--h----- C:\WINDOWS\PIF
2007-08-08 08:39:52 0 d-------- C:\Documents and Settings\Danny\Application Data\Google
2007-08-08 08:38:22 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-08-08 08:38:06 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2007-08-08 08:38:02 0 d-------- C:\Program Files\DAP
2007-08-08 08:38:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-08-08 08:38:01 0 d-------- C:\Program Files\Google
2007-08-07 09:01:07 0 d-------- C:\Documents and Settings\Danny\Application Data\ACD Systems
2007-08-07 09:00:00 0 d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-08-07 08:59:18 0 d-------- C:\Program Files\ACD Systems
2007-08-06 21:23:53 0 d---s---- C:\Documents and Settings\Danny\UserData
2007-08-06 13:50:49 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-08-06 13:50:06 0 d-------- C:\WINDOWS\ShellNew
2007-08-06 13:25:20 0 d-------- C:\Program Files\Winamp
2007-08-05 09:41:21 0 dr-h----- C:\Documents and Settings\Danny\Recent
2007-08-03 18:15:09 0 d-------- C:\Documents and Settings\Danny\Application Data\MSN6
2007-08-03 18:15:09 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-08-02 15:49:46 77824 --a------ C:\WINDOWS\system32\ODBCTL32.dll <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2007-08-02 15:49:46 403216 --a------ C:\WINDOWS\system32\MsRepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2007-08-02 15:49:46 251664 --a------ C:\WINDOWS\system32\MSRD2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-08-02 15:49:46 37136 --a------ C:\WINDOWS\system32\MSJInt35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-08-02 15:49:46 1039360 --a------ C:\WINDOWS\system32\MSJet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-08-02 15:49:45 24336 --a------ C:\WINDOWS\system32\MSJtEr35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-08-02 15:49:21 29696 --a------ C:\WINDOWS\system32\VB5StKit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-08-02 15:49:21 71680 --a------ C:\WINDOWS\ST5UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-08-02 14:42:04 0 d-------- C:\client
2007-08-02 13:18:11 0 d-------- C:\Documents and Settings\Danny\Application Data\Lavasoft
2007-08-02 13:18:05 0 d-------- C:\Ad-Aware SE Personal
2007-08-02 12:54:04 0 d-------- C:\WINDOWS\system32\CBA
2007-08-02 12:54:03 0 d-------- C:\Program Files\Symantec
2007-08-02 12:54:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-08-02 12:53:57 0 d-------- C:\Program Files\Symantec_Client_Security
2007-08-02 12:53:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-02 12:51:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-02 12:51:44 0 d-------- C:\Program Files\Yahoo!
2007-08-02 12:51:10 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-02 12:50:50 2775 --a------ C:\WINDOWS\mozver.dat
2007-08-02 12:50:50 0 d-------- C:\Documents and Settings\Danny\Application Data\Mozilla
2007-08-02 06:55:17 0 d-------- C:\Documents and Settings\Danny\Application Data\Macromedia
2007-08-01 21:01:53 32 --a------ C:\WINDOWS\popcinfo.dat
2007-07-30 23:48:42 0 d-------- C:\Program Files\Common Files\muvee Technologies
2007-07-30 23:48:39 0 d-------- C:\Program Files\Sony Corporation
2007-07-28 23:03:37 0 d-------- C:\WINDOWS\Provisioning
2007-07-28 23:03:37 0 d-------- C:\WINDOWS\PeerNet
2007-07-28 23:03:37 0 d-------- C:\WINDOWS\ehome
2007-07-28 22:13:38 0 d-------- C:\WINDOWS\pss
2007-07-28 16:31:17 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-07-28 16:31:14 0 d-------- C:\WINDOWS\Prefetch
2007-07-28 16:15:00 0 d-------- C:\WINDOWS\NV824660.TMP
2007-07-28 16:01:40 0 d-------- C:\WINDOWS\setup.pss
2007-07-28 15:41:56 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-07-28 15:40:05 0 d-------- C:\WINDOWS\NV2721736.TMP
2007-07-28 03:22:28 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-28 03:22:25 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-28 03:22:24 0 dr------- C:\Program Files
2007-07-28 03:22:24 0 d-------- C:\Program Files\Common Files
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-07-28 03:21:59 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-07-28 03:21:59 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-07-28 03:21:59 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-07-28 03:21:59 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-07-28 03:21:59 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-07-28 03:21:59 0 dr------- C:\Documents and Settings\All Users\Documents
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-07-28 03:21:46 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-07-28 03:21:46 0 d-------- C:\WINDOWS\system32\CatRoot
2007-07-28 03:21:41 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-07-28 03:21:41 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-07-28 03:21:41 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-07-28 03:21:41 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-07-28 03:21:22 0 d-------- C:\Documents and Settings
2007-07-28 03:16:19 0 d-a------ C:\WINDOWS
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\WinSxS
2007-07-28 03:16:19 0 dr------- C:\WINDOWS\Web
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\twain_32
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\wins
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\wbem
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\usmt
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\spool
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\ShellExt
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\Setup
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\ras
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\oobe
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\npp
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\mui
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\inetsrv
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\IME
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\icsxml
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\ias
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\export
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\drivers
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-07-28 03:16:19 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\dhcp
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\config
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\3076
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\2052
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1054
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1042
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1041
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1037
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1033
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1031
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1028
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1025
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\security
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Resources
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\repair
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\mui
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\msapps
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\msagent
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Media
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\java
2007-07-28 03:16:19 0 d--h----- C:\WINDOWS\inf
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\ime
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Help
2007-07-28 03:16:19 0 dr--s---- C:\WINDOWS\Fonts
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Driver Cache
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Debug
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Cursors
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Connection Wizard
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Config
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\AppPatch
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\addins
2007-07-27 23:42:20 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-07-27 23:42:20 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-07-27 23:42:19 0 d-------- C:\Program Files\D-Tools
2007-07-27 23:42:07 0 d-------- C:\WINDOWS\Downloaded Installations
2007-07-27 23:22:50 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-07-27 23:22:48 0 d-------- C:\Program Files\EA GAMES
2007-07-27 22:45:02 0 d-------- C:\Program Files\MIKSOFT
2007-07-27 22:37:44 0 d-------- C:\Documents and Settings\Danny\Application Data\Syntrillium
2007-07-27 22:36:17 0 d-------- C:\Program Files\coolpro2
2007-07-27 22:23:17 0 d-------- C:\Documents and Settings\Danny\Application Data\Ulead Systems
2007-07-27 22:07:42 0 d-------- C:\Documents and Settings\Danny\Application Data\Help
2007-07-27 22:06:34 0 d-------- C:\Driver
2007-07-27 22:06:32 0 d-------- C:\WINDOWS\system32\windows media
2007-07-27 22:06:28 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-07-27 22:06:25 0 d-------- C:\Program Files\Windows Media Components
2007-07-27 22:06:12 0 d-------- C:\WMSDK
2007-07-27 22:05:34 0 d-------- C:\WINDOWS\system32\Adobe
2007-07-27 22:05:34 0 d-------- C:\Documents and Settings\Danny\Application Data\InterTrust
2007-07-27 22:05:34 0 d-------- C:\Documents and Settings\Danny\Application Data\Adobe
2007-07-27 22:03:36 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-07-27 22:03:17 0 d-------- C:\My Music
2007-07-27 22:03:13 0 d-------- C:\Program Files\Real
2007-07-27 22:03:13 0 d-------- C:\Program Files\Common Files\Real
2007-07-27 22:02:23 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2007-07-27 22:01:42 0 d-------- C:\WINDOWS\system32\QuickTime
2007-07-27 22:01:40 0 d-------- C:\Program Files\QuickTime
2007-07-27 22:01:12 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-07-27 22:00:35 0 d-------- C:\Program Files\Common Files\Ulead Systems
2007-07-27 21:55:57 0 d-------- C:\Program Files\Ulead Systems
2007-07-27 21:54:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-07-27 21:41:01 0 d-------- C:\Documents and Settings\Danny\Application Data\CyberLink
2007-07-27 21:41:00 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-27 21:16:17 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-27 21:11:43 0 d-------- C:\Documents and Settings\Danny\Application Data\Ahead
2007-07-27 21:09:37 0 d-------- C:\Program Files\Nero
2007-07-27 21:09:37 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-27 21:09:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-27 20:52:58 0 d-------- C:\WINDOWS\system32\Lang
2007-07-27 20:52:49 0 d-------- C:\MyWorks
2007-07-27 20:52:36 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-27 20:51:18 0 d-------- C:\Program Files\CyberLink
2007-07-27 20:48:31 49152 -ra------ C:\WINDOWS\system32\ChCfg.exe
2007-07-27 20:48:09 0 d-------- C:\WINDOWS\system32\RTCOM
2007-07-27 20:47:06 0 d-------- C:\Program Files\Realtek
2007-07-27 20:47:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-27 20:44:17 520192 -ra------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-07-27 20:44:17 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-07-27 20:41:23 0 d-------- C:\WINDOWS\nview
2007-07-27 20:39:00 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-07-27 20:38:42 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-07-27 20:36:55 0 d-------- C:\WINDOWS\system32\Tools
2007-07-27 20:36:46 0 d-------- C:\Program Files\Common Files\InstallShield
2007-07-27 20:36:18 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows ® Codename Longhorn DDK provider; Windows ® Codename Longhorn DDK driver>
2007-07-27 20:33:55 0 d--hs---- C:\WINDOWS\Installer
2007-07-27 20:33:52 0 d-------- C:\Documents and Settings\Danny\Application Data\Identities
2007-07-27 20:33:42 0 d--h----- C:\Documents and Settings\Danny\Templates
2007-07-27 20:33:42 0 dr------- C:\Documents and Settings\Danny\Start Menu
2007-07-27 20:33:42 0 dr-h----- C:\Documents and Settings\Danny\SendTo
2007-07-27 20:33:42 0 d--h----- C:\Documents and Settings\Danny\PrintHood
2007-07-27 20:33:42 3932160 --ah----- C:\Documents and Settings\Danny\NTUSER.DAT
2007-07-27 20:33:42 0 d--h----- C:\Documents and Settings\Danny\NetHood
2007-07-27 20:33:42 0 dr------- C:\Documents and Settings\Danny\My Documents
2007-07-27 20:33:42 0 d--h----- C:\Documents and Settings\Danny\Local Settings
2007-07-27 20:33:42 0 dr------- C:\Documents and Settings\Danny\Favorites
2007-07-27 20:33:42 0 d-------- C:\Documents and Settings\Danny\Desktop
2007-07-27 20:33:42 0 d---s---- C:\Documents and Settings\Danny\Cookies
2007-07-27 20:33:42 0 dr-h----- C:\Documents and Settings\Danny\Application Data
2007-07-27 20:33:08 0 d--hs---- C:\System Volume Information
2007-07-27 20:33:06 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-07-27 20:33:06 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-07-27 20:33:06 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-07-27 20:33:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-07-27 20:33:06 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-07-27 20:33:06 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-07-27 20:33:06 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-07-27 20:33:06 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-07-27 20:33:06 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-07-27 20:33:06 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-07-27 20:29:53 0 d-------- C:\WINDOWS\system32\xircom
2007-07-27 20:29:53 0 d-------- C:\Program Files\microsoft frontpage
2007-07-27 20:29:42 0 -rahs---- C:\MSDOS.SYS
2007-07-27 20:29:42 0 -rahs---- C:\IO.SYS
2007-07-27 20:29:42 245760 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-07-27 20:29:42 0 --a------ C:\CONFIG.SYS
2007-07-27 20:29:42 50 --a------ C:\AUTOEXEC.BAT
2007-07-27 20:28:57 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-07-27 20:28:49 0 dr------- C:\WINDOWS\Offline Web Pages
2007-07-27 20:28:49 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-07-27 20:28:24 0 d-------- C:\WINDOWS\system32\DirectX
2007-07-27 20:27:31 0 d---s---- C:\WINDOWS\Tasks
2007-07-27 20:27:27 0 d-------- C:\Program Files\Common Files\MSSoap
2007-07-27 20:27:22 0 d-------- C:\WINDOWS\srchasst
2007-07-27 20:27:21 0 d-------- C:\WINDOWS\system32\Macromed
2007-07-27 20:27:19 0 d-------- C:\Program Files\Movie Maker
2007-07-27 20:27:14 0 d-------- C:\WINDOWS\system32\Restore
2007-07-27 20:27:14 0 d-------- C:\WINDOWS\PCHealth
2007-07-27 20:26:44 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-27 20:26:41 0 d-------- C:\WINDOWS\Registration
2007-07-27 20:26:38 0 d--h----- C:\Program Files\WindowsUpdate
2007-07-27 20:26:38 0 d-------- C:\Program Files\Online Services
2007-07-27 20:26:35 0 d-------- C:\Program Files\Messenger
2007-07-27 20:26:28 0 d-------- C:\Program Files\MSN Gaming Zone
2007-07-27 20:25:40 0 d-------- C:\Program Files\Windows NT
2007-07-27 20:25:37 0 d-------- C:\WINDOWS\system32\MsDtc
2007-07-27 20:25:36 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2007-08-10 20:11:05 3267 --a------ C:\Documents and Settings\Danny\Application Data\update.log
2007-07-28 03:21:59 62 --ahs---- C:\Documents and Settings\Danny\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}]
08/10/2007 10:03 PM 188416 --a------ C:\WINDOWS\duocore.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 05:05 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/2002 11:35 AM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [08/08/2007 08:38 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/16/2006 02:35 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmpenv"= {E1AE036B-A4B7-4CC0-B53B-B758C69CE44F} - C:\WINDOWS\wmpenv.dll [08/10/2007 12:43 AM 188416]
"wmpconf"= {6A60D9F0-54C7-4AA1-877B-72BB0E11D893} - C:\WINDOWS\wmpconf.dll [08/10/2007 12:43 AM 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurePCCleaner]
C:\Program Files\SecurePCCleaner\GDC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0917d714-454f-11dc-b1c4-001921f55535}]
AutoRun\command- My Zodiak v03A Setup.exe




-- End of Deckard's System Scanner: finished at 2007-08-11 at 19:13:11 ---------






But I didn't get an extra.txt. I ran DSS yesterday; should I post it too?
  • 0

#8
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
I don't need the extra.txt.

Please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O21 - SSODL: wmpenv - {E1AE036B-A4B7-4CC0-B53B-B758C69CE44F} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {6A60D9F0-54C7-4AA1-877B-72BB0E11D893} - C:\WINDOWS\wmpconf.dll

Close out HJT

Next

Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\main_uninstaller.exe
    C:\WINDOWS\duocore.dll
    C:\WINDOWS\wmpenv.dll
    C:\WINDOWS\wmpconf.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Restart your computer even if OT doesn't ask you to.

Next
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Post back a fresh HJT log for me as well, please.
Let me know how the machine is running.
  • 0

#9
zdanska

zdanska

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I ran OTMoveIt.exe and copied the following files:

C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\duocore.dll
C:\WINDOWS\wmpenv.dll
C:\WINDOWS\wmpconf.dll

Then Moveit!; after deleting, the program closed just like that and didn't leave me any log text...



Here's the ActiveScan log:



Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Danny\Cookies\[email protected][2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Danny\Cookies\danny@clickbank[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Danny\Cookies\danny@statcounter[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Danny\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Danny\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Danny\My Documents\My Completed Downloads\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Danny\My Documents\My Completed Downloads\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Danny\My Documents\My Completed Downloads\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Danny\My Documents\My Completed Downloads\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Danny\My Documents\My Completed Downloads\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Adware:Adware/Trymedia Not disinfected E:\My Data.{21EC2020-3AEA-1069-A2DD-08002B30309D}\Word_Notepad\KudosSetup-dm.exe





HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:21 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...a...&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: wmpenv - {4FF1C667-1322-433D-B454-EE6EC5CD0C16} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {F55FA04B-13C0-4FFB-AB76-5672B9ECBC1E} - C:\WINDOWS\wmpconf.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5881 bytes



And what should I do?

Edited by zdanska, 11 August 2007 - 10:05 AM.

  • 0
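Added example, not code from this thread, from HijackThis or from OTMoveIt: a small Python parser for HijackThis v2.0.2 log lines that flags the kind of entries don77 asks to fix above (BHO, SSODL and Winlogon Notify modules loading straight out of C:\WINDOWS rather than from system32 or Program Files) and groups them by DLL path rather than by CLSID. Grouping by path is the point: in the fresh log zdanska posts after the fix, wmpenv.dll and wmpconf.dll are back under brand-new CLSIDs, so a blocklist keyed on the CLSIDs from the first log would miss them. The sample lines are constructed from the logs in this thread, and the "module directly under the Windows directory" rule is my own triage heuristic, not a HijackThis feature; it only yields candidates for a human to confirm.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed sample in HijackThis v2.0.2 format, taken in shape from the logs
# posted in this thread: the items flagged for "Fix Checked", one benign BHO,
# one benign Winlogon hook, and the SSODL entry as it reappeared under a new CLSID.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: wmpenv - {E1AE036B-A4B7-4CC0-B53B-B758C69CE44F} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {6A60D9F0-54C7-4AA1-877B-72BB0E11D893} - C:\WINDOWS\wmpconf.dll
O21 - SSODL: wmpenv - {4FF1C667-1322-433D-B454-EE6EC5CD0C16} - C:\WINDOWS\wmpenv.dll
"""


@dataclass
class HjtEntry:
    section: str            # HJT section code, e.g. "O2", "O21"
    name: str               # display name after the "BHO:"/"SSODL:" prefix
    clsid: Optional[str]    # "{...}" if the line carries one
    path: Optional[str]     # module path if the line carries one


# Sections in which the listed module is loaded into a process at logon/Explorer
# start (in-process hooks); these are the ones worth a second look.
LOADING_SECTIONS = {"O2": "BHO", "O20": "Winlogon Notify", "O21": "SSODL"}

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Split one HJT line into section, name, CLSID and path.
    Returns None for non-entry lines (headers, process list, blanks).
    Fields are ' - ' separated, so a path containing ' - ' would be cut short;
    HJT itself emits paths that way, so that is an accepted limitation."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = [f.strip() for f in m.group("body").split(" - ")]
    head = fields[0]
    name = head.split(": ", 1)[1] if ": " in head else head
    clsid = path = None
    for f in fields[1:]:
        if CLSID_RE.fullmatch(f):
            clsid = f
        elif DRIVE_PATH_RE.match(f):
            path = f
    return HjtEntry(m.group("sec"), name, clsid, path)


def loads_from_windows_root(path: str) -> bool:
    """True when the module sits directly in the Windows directory
    (e.g. C:\\WINDOWS\\x.dll) rather than in a subdirectory such as system32.
    Legitimate BHOs and shell hooks almost always live in Program Files or
    system32, so this is a triage heuristic, not proof of malice."""
    parts = path.lower().split("\\")
    return len(parts) == 3 and re.fullmatch(r"[a-z]:", parts[0]) is not None \
        and parts[1] == "windows"


def suspicious_modules(log_text: str) -> Dict[str, Set[str]]:
    """Map each flagged module path (lower-cased) to every CLSID seen for it.
    Keying on the path, not the CLSID, is what makes the re-registered
    wmpenv.dll show up as one item with two CLSIDs instead of two unrelated hits."""
    found: Dict[str, Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        e = parse_hjt_line(line)
        if e is None or e.section not in LOADING_SECTIONS or e.path is None:
            continue
        if loads_from_windows_root(e.path):
            found[e.path.lower()].add(e.clsid or "(no CLSID)")
    return dict(found)


if __name__ == "__main__":
    for path, clsids in sorted(suspicious_modules(SAMPLE_LOG).items()):
        print(f"{path}: {len(clsids)} CLSID(s) -> {', '.join(sorted(clsids))}")
```

Run it and the three DLLs from the "Fix Checked" list come out, with wmpenv.dll listed once but carrying both CLSIDs; the Java BHO and the SUPERAntiSpyware Winlogon hook are not reported. Feed it a complete HJT log and the same rule gives a short list to verify by hand against file timestamps and publisher information, as the DSS "Files created" section in this thread does.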

#10
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Could you scan again with DSS and post back the log, please?
  • 0


#11
zdanska

zdanska

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Deckard's System Scanner v20070809.63
Run by Danny on 2007-08-11 at 23:38:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Danny.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:09 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Danny\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Danny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...a...&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: wmpenv - {4FF1C667-1322-433D-B454-EE6EC5CD0C16} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {F55FA04B-13C0-4FFB-AB76-5672B9ECBC1E} - C:\WINDOWS\wmpconf.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5961 bytes

-- Files created between 2007-07-11 and 2007-08-11 -----------------------------

2007-08-11 20:27:48 188416 --a------ C:\WINDOWS\duocore.dll <Not Verified; ; BhoNew Module>
2007-08-11 20:09:21 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-11 20:05:56 0 d-------- C:\WINDOWS\system32\appmgmt
2007-08-11 20:01:50 32256 --a------ C:\WINDOWS\main_uninstaller.exe
2007-08-11 20:01:49 188416 --a------ C:\WINDOWS\wmpenv.dll <Not Verified; ; IEXPLORE>
2007-08-11 20:01:49 221184 --a------ C:\WINDOWS\wmpconf.dll
2007-08-11 15:27:47 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-11 15:27:46 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-11 15:27:46 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-08-11 15:27:41 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-08-11 15:27:41 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-08-11 10:33:50 0 d-------- C:\New Folder
2007-08-10 22:16:32 15 --a------ C:\WINDOWS\system32\mslck.dat
2007-08-10 22:09:41 12 --a------ C:\WINDOWS\system32\Mlkf.dll
2007-08-10 22:07:14 153088 --a------ C:\WINDOWS\system32\fldlckun.exe
2007-08-10 22:07:14 0 d-------- C:\Program Files\FolderAccess
2007-08-10 22:03:39 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-08-10 21:47:08 38400 --a------ C:\WINDOWS\system32\UUCODE32.DLL <Not Verified; Catalyst Development Corporation; Catalyst SocketTools>
2007-08-10 21:47:08 0 d-------- C:\Program Files\BillingExplorer Ver 4.43 DeskPro 4.0
2007-08-10 20:04:10 0 d-------- C:\WINDOWS\system32\PreInstall
2007-08-10 20:04:08 0 d--h----- C:\WINDOWS\$hf_mig$
2007-08-10 19:29:55 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-10 19:03:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-08-10 19:02:59 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-10 19:02:59 0 d-------- C:\Documents and Settings\Danny\Application Data\SUPERAntiSpyware.com
2007-08-10 19:02:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-10 18:25:51 0 d-------- C:\Program Files\Trend Micro
2007-08-10 17:52:15 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-08-10 17:42:02 888569 --a------ C:\SmitfraudFix.exe
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-10 17:29:43 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-10 17:29:43 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-10 17:29:43 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-10 17:29:43 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-10 17:29:43 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-10 17:29:43 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-10 17:29:43 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-10 17:29:43 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-10 17:29:43 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-10 17:24:36 1814 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-10 17:04:12 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-08-10 16:38:16 233472 --a------ C:\WINDOWS\system32\eraserl.exe <Not Verified; -; Eraser>
2007-08-10 16:38:15 282624 --a------ C:\WINDOWS\system32\erasext.dll <Not Verified; -; Eraser>
2007-08-10 16:38:15 610304 --a------ C:\WINDOWS\system32\eraser.dll <Not Verified; -; Eraser>
2007-08-10 16:38:14 0 d-------- C:\Program Files\Eraser
2007-08-10 13:12:04 0 d-------- C:\Program Files\Crawler
2007-08-10 11:16:09 0 d-------- C:\Documents and Settings\Danny\Application Data\TrustedAntivirus
2007-08-10 05:41:54 36864 --a------ C:\WINDOWS\system32\LckFldService.exe <Not Verified; ; LckFldService>
2007-08-10 05:41:53 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2007-08-10 02:25:58 256 --a------ C:\sccfg.sys
2007-08-10 02:25:53 77824 --a------ C:\WINDOWS\system32\FLKill.exe <Not Verified; USPTO; Project1>
2007-08-10 02:25:51 0 d-------- C:\Program Files\Folder Lock
2007-08-10 02:19:55 212992 --a------ C:\WINDOWS\system32\wodShellMenu.dll <Not Verified; WeOnlyDo! COM; wodShellMenu Component>
2007-08-10 02:19:55 282624 --a------ C:\WINDOWS\system32\wgp.exe <Not Verified; WGP Security Software; WinGuard Pro>
2007-08-09 17:35:49 0 d-------- C:\WINDOWS\Sun
2007-08-09 17:35:49 0 d-------- C:\Documents and Settings\Danny\Application Data\Sun
2007-08-09 17:34:49 0 d-------- C:\Program Files\Java
2007-08-09 17:11:08 0 d-------- C:\Program Files\Common Files\Java
2007-08-08 18:32:04 0 d--h----- C:\WINDOWS\PIF
2007-08-08 08:39:52 0 d-------- C:\Documents and Settings\Danny\Application Data\Google
2007-08-08 08:38:22 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-08-08 08:38:06 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2007-08-08 08:38:02 0 d-------- C:\Program Files\DAP
2007-08-08 08:38:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-08-08 08:38:01 0 d-------- C:\Program Files\Google
2007-08-07 09:01:07 0 d-------- C:\Documents and Settings\Danny\Application Data\ACD Systems
2007-08-07 09:00:00 0 d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-08-07 08:59:18 0 d-------- C:\Program Files\ACD Systems
2007-08-06 21:23:53 0 d---s---- C:\Documents and Settings\Danny\UserData
2007-08-06 13:50:49 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-08-06 13:50:06 0 d-------- C:\WINDOWS\ShellNew
2007-08-06 13:25:20 0 d-------- C:\Program Files\Winamp
2007-08-05 09:41:21 0 dr-h----- C:\Documents and Settings\Danny\Recent
2007-08-03 18:15:09 0 d-------- C:\Documents and Settings\Danny\Application Data\MSN6
2007-08-03 18:15:09 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-08-02 15:49:46 77824 --a------ C:\WINDOWS\system32\ODBCTL32.dll <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2007-08-02 15:49:46 403216 --a------ C:\WINDOWS\system32\MsRepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2007-08-02 15:49:46 251664 --a------ C:\WINDOWS\system32\MSRD2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-08-02 15:49:46 37136 --a------ C:\WINDOWS\system32\MSJInt35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-08-02 15:49:46 1039360 --a------ C:\WINDOWS\system32\MSJet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-08-02 15:49:45 24336 --a------ C:\WINDOWS\system32\MSJtEr35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-08-02 15:49:21 29696 --a------ C:\WINDOWS\system32\VB5StKit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-08-02 15:49:21 71680 --a------ C:\WINDOWS\ST5UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-08-02 14:42:04 0 d-------- C:\client
2007-08-02 13:18:11 0 d-------- C:\Documents and Settings\Danny\Application Data\Lavasoft
2007-08-02 13:18:05 0 d-------- C:\Ad-Aware SE Personal
2007-08-02 12:54:04 0 d-------- C:\WINDOWS\system32\CBA
2007-08-02 12:54:03 0 d-------- C:\Program Files\Symantec
2007-08-02 12:54:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-08-02 12:53:57 0 d-------- C:\Program Files\Symantec_Client_Security
2007-08-02 12:53:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-02 12:51:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-02 12:51:44 0 d-------- C:\Program Files\Yahoo!
2007-08-02 12:51:10 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-02 12:50:50 2775 --a------ C:\WINDOWS\mozver.dat
2007-08-02 12:50:50 0 d-------- C:\Documents and Settings\Danny\Application Data\Mozilla
2007-08-02 06:55:17 0 d-------- C:\Documents and Settings\Danny\Application Data\Macromedia
2007-08-01 21:01:53 32 --a------ C:\WINDOWS\popcinfo.dat
2007-07-30 23:48:42 0 d-------- C:\Program Files\Common Files\muvee Technologies
2007-07-30 23:48:39 0 d-------- C:\Program Files\Sony Corporation
2007-07-28 23:03:37 0 d-------- C:\WINDOWS\Provisioning
2007-07-28 23:03:37 0 d-------- C:\WINDOWS\PeerNet
2007-07-28 23:03:37 0 d-------- C:\WINDOWS\ehome
2007-07-28 22:13:38 0 d-------- C:\WINDOWS\pss
2007-07-28 16:31:17 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-07-28 16:31:14 0 d-------- C:\WINDOWS\Prefetch
2007-07-28 16:15:00 0 d-------- C:\WINDOWS\NV824660.TMP
2007-07-28 16:01:40 0 d-------- C:\WINDOWS\setup.pss
2007-07-28 15:41:56 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-07-28 15:40:05 0 d-------- C:\WINDOWS\NV2721736.TMP
2007-07-28 03:22:28 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-28 03:22:25 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-28 03:22:24 0 dr------- C:\Program Files
2007-07-28 03:22:24 0 d-------- C:\Program Files\Common Files
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-07-28 03:21:59 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-07-28 03:21:59 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-07-28 03:21:59 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-07-28 03:21:59 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-07-28 03:21:59 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-07-28 03:21:59 0 dr------- C:\Documents and Settings\All Users\Documents
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-07-28 03:21:46 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-07-28 03:21:46 0 d-------- C:\WINDOWS\system32\CatRoot
2007-07-28 03:21:41 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-07-28 03:21:41 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-07-28 03:21:41 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-07-28 03:21:41 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-07-28 03:21:22 0 d-------- C:\Documents and Settings
2007-07-28 03:16:19 0 d-a------ C:\WINDOWS
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\WinSxS
2007-07-28 03:16:19 0 dr------- C:\WINDOWS\Web
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\twain_32
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\wins
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\wbem
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\usmt
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\spool
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\ShellExt
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\Setup
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\ras
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\oobe
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\npp
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\mui
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\inetsrv
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\IME
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\icsxml
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\ias
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\export
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\drivers
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-07-28 03:16:19 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\dhcp
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\config
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\3076
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\2052
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1054
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1042
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1041
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1037
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1033
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1031
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1028
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1025
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\security
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Resources
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\repair
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\mui
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\msapps
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\msagent
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Media
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\java
2007-07-28 03:16:19 0 d--h----- C:\WINDOWS\inf
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\ime
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Help
2007-07-28 03:16:19 0 dr--s---- C:\WINDOWS\Fonts
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Driver Cache
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Debug
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Cursors
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Connection Wizard
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Config
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\AppPatch
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\addins
2007-07-27 23:42:20 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-07-27 23:42:20 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-07-27 23:42:19 0 d-------- C:\Program Files\D-Tools
2007-07-27 23:42:07 0 d-------- C:\WINDOWS\Downloaded Installations
2007-07-27 23:22:50 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-07-27 23:22:48 0 d-------- C:\Program Files\EA GAMES
2007-07-27 22:45:02 0 d-------- C:\Program Files\MIKSOFT
2007-07-27 22:37:44 0 d-------- C:\Documents and Settings\Danny\Application Data\Syntrillium
2007-07-27 22:36:17 0 d-------- C:\Program Files\coolpro2
2007-07-27 22:23:17 0 d-------- C:\Documents and Settings\Danny\Application Data\Ulead Systems
2007-07-27 22:07:42 0 d-------- C:\Documents and Settings\Danny\Application Data\Help
2007-07-27 22:06:34 0 d-------- C:\Driver
2007-07-27 22:06:32 0 d-------- C:\WINDOWS\system32\windows media
2007-07-27 22:06:28 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-07-27 22:06:25 0 d-------- C:\Program Files\Windows Media Components
2007-07-27 22:06:12 0 d-------- C:\WMSDK
2007-07-27 22:05:34 0 d-------- C:\WINDOWS\system32\Adobe
2007-07-27 22:05:34 0 d-------- C:\Documents and Settings\Danny\Application Data\InterTrust
2007-07-27 22:05:34 0 d-------- C:\Documents and Settings\Danny\Application Data\Adobe
2007-07-27 22:03:36 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-07-27 22:03:17 0 d-------- C:\My Music
2007-07-27 22:03:13 0 d-------- C:\Program Files\Real
2007-07-27 22:03:13 0 d-------- C:\Program Files\Common Files\Real
2007-07-27 22:02:23 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2007-07-27 22:01:42 0 d-------- C:\WINDOWS\system32\QuickTime
2007-07-27 22:01:40 0 d-------- C:\Program Files\QuickTime
2007-07-27 22:01:12 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-07-27 22:00:35 0 d-------- C:\Program Files\Common Files\Ulead Systems
2007-07-27 21:55:57 0 d-------- C:\Program Files\Ulead Systems
2007-07-27 21:54:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-07-27 21:41:01 0 d-------- C:\Documents and Settings\Danny\Application Data\CyberLink
2007-07-27 21:41:00 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-27 21:16:17 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-27 21:11:43 0 d-------- C:\Documents and Settings\Danny\Application Data\Ahead
2007-07-27 21:09:37 0 d-------- C:\Program Files\Nero
2007-07-27 21:09:37 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-27 21:09:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-27 20:52:58 0 d-------- C:\WINDOWS\system32\Lang
2007-07-27 20:52:49 0 d-------- C:\MyWorks
2007-07-27 20:52:36 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-27 20:51:18 0 d-------- C:\Program Files\CyberLink
2007-07-27 20:48:31 49152 -ra------ C:\WINDOWS\system32\ChCfg.exe
2007-07-27 20:48:09 0 d-------- C:\WINDOWS\system32\RTCOM
2007-07-27 20:47:06 0 d-------- C:\Program Files\Realtek
2007-07-27 20:47:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-27 20:44:17 520192 -ra------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-07-27 20:44:17 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-07-27 20:41:23 0 d-------- C:\WINDOWS\nview
2007-07-27 20:39:00 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-07-27 20:38:42 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-07-27 20:36:55 0 d-------- C:\WINDOWS\system32\Tools
2007-07-27 20:36:46 0 d-------- C:\Program Files\Common Files\InstallShield
2007-07-27 20:36:18 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows ® Codename Longhorn DDK provider; Windows ® Codename Longhorn DDK driver>
2007-07-27 20:33:55 0 d--hs---- C:\WINDOWS\Installer
2007-07-27 20:33:52 0 d-------- C:\Documents and Settings\Danny\Application Data\Identities
2007-07-27 20:33:42 0 d--h----- C:\Documents and Settings\Danny\Templates
2007-07-27 20:33:42 0 dr------- C:\Documents and Settings\Danny\Start Menu
2007-07-27 20:33:42 0 dr-h----- C:\Documents and Settings\Danny\SendTo
2007-07-27 20:33:42 0 d--h----- C:\Documents and Settings\Danny\PrintHood
2007-07-27 20:33:42 3932160 --ah----- C:\Documents and Settings\Danny\NTUSER.DAT
2007-07-27 20:33:42 0 d--h----- C:\Documents and Settings\Danny\NetHood
2007-07-27 20:33:42 0 dr------- C:\Documents and Settings\Danny\My Documents
2007-07-27 20:33:42 0 d--h----- C:\Documents and Settings\Danny\Local Settings
2007-07-27 20:33:42 0 dr------- C:\Documents and Settings\Danny\Favorites
2007-07-27 20:33:42 0 d-------- C:\Documents and Settings\Danny\Desktop
2007-07-27 20:33:42 0 d---s---- C:\Documents and Settings\Danny\Cookies
2007-07-27 20:33:42 0 dr-h----- C:\Documents and Settings\Danny\Application Data
2007-07-27 20:33:08 0 d--hs---- C:\System Volume Information
2007-07-27 20:33:06 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-07-27 20:33:06 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-07-27 20:33:06 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-07-27 20:33:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-07-27 20:33:06 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-07-27 20:33:06 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-07-27 20:33:06 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-07-27 20:33:06 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-07-27 20:33:06 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-07-27 20:33:06 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-07-27 20:29:53 0 d-------- C:\WINDOWS\system32\xircom
2007-07-27 20:29:53 0 d-------- C:\Program Files\microsoft frontpage
2007-07-27 20:29:42 0 -rahs---- C:\MSDOS.SYS
2007-07-27 20:29:42 0 -rahs---- C:\IO.SYS
2007-07-27 20:29:42 245760 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-07-27 20:29:42 0 --a------ C:\CONFIG.SYS
2007-07-27 20:29:42 50 --a------ C:\AUTOEXEC.BAT
2007-07-27 20:28:57 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-07-27 20:28:49 0 dr------- C:\WINDOWS\Offline Web Pages
2007-07-27 20:28:49 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-07-27 20:28:24 0 d-------- C:\WINDOWS\system32\DirectX
2007-07-27 20:27:31 0 d---s---- C:\WINDOWS\Tasks
2007-07-27 20:27:27 0 d-------- C:\Program Files\Common Files\MSSoap
2007-07-27 20:27:22 0 d-------- C:\WINDOWS\srchasst
2007-07-27 20:27:21 0 d-------- C:\WINDOWS\system32\Macromed
2007-07-27 20:27:19 0 d-------- C:\Program Files\Movie Maker
2007-07-27 20:27:14 0 d-------- C:\WINDOWS\system32\Restore
2007-07-27 20:27:14 0 d-------- C:\WINDOWS\PCHealth
2007-07-27 20:26:44 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-27 20:26:41 0 d-------- C:\WINDOWS\Registration
2007-07-27 20:26:38 0 d--h----- C:\Program Files\WindowsUpdate
2007-07-27 20:26:38 0 d-------- C:\Program Files\Online Services
2007-07-27 20:26:35 0 d-------- C:\Program Files\Messenger
2007-07-27 20:26:28 0 d-------- C:\Program Files\MSN Gaming Zone
2007-07-27 20:25:40 0 d-------- C:\Program Files\Windows NT
2007-07-27 20:25:37 0 d-------- C:\WINDOWS\system32\MsDtc
2007-07-27 20:25:36 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2007-08-10 20:11:05 3267 --a------ C:\Documents and Settings\Danny\Application Data\update.log
2007-07-28 03:21:59 62 --ahs---- C:\Documents and Settings\Danny\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}]
08/10/2007 10:03 PM 188416 --a------ C:\WINDOWS\duocore.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 05:05 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/2002 11:35 AM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [08/08/2007 08:38 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/16/2006 02:35 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmpenv"= {4FF1C667-1322-433D-B454-EE6EC5CD0C16} - C:\WINDOWS\wmpenv.dll [08/10/2007 10:03 PM 188416]
"wmpconf"= {F55FA04B-13C0-4FFB-AB76-5672B9ECBC1E} - C:\WINDOWS\wmpconf.dll [08/10/2007 10:03 PM 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurePCCleaner]
C:\Program Files\SecurePCCleaner\GDC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0917d714-454f-11dc-b1c4-001921f55535}]
AutoRun\command- My Zodiak v03A Setup.exe




-- End of Deckard's System Scanner: finished at 2007-08-11 at 23:38:54 ---------
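For anyone triaging a Deckard's System Scanner registry dump like the one above, here is an added example (not part of this thread, and not a feature of DSS or HijackThis) that parses the dump's BHO, Run, SSODL and mountpoints2 sections and flags the patterns a helper looks for: DLLs loaded straight from the Windows root instead of system32, an AutoRun handler on a mounted volume, and several persistence entries sharing one file timestamp. The sample text is a constructed excerpt modeled on the dump above, and the heuristics are the editor's assumptions, not rules stated in the thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt modeled on the DSS "Registry Dump" above (same layout,
# entries abbreviated); it is sample input for this script, not the full log.
SAMPLE_DUMP = r"""
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}]
08/10/2007 10:03 PM 188416 --a------ C:\WINDOWS\duocore.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/2002 11:35 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/16/2006 02:35 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmpenv"= {4FF1C667-1322-433D-B454-EE6EC5CD0C16} - C:\WINDOWS\wmpenv.dll [08/10/2007 10:03 PM 188416]
"wmpconf"= {F55FA04B-13C0-4FFB-AB76-5672B9ECBC1E} - C:\WINDOWS\wmpconf.dll [08/10/2007 10:03 PM 221184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0917d714-454f-11dc-b1c4-001921f55535}]
AutoRun\command- My Zodiak v03A Setup.exe
"""

# Key fragments that identify the auto-start locations DSS dumps (checked in order).
KIND_MARKERS = [
    ("BHO", "browser helper objects"),
    ("SSODL", "shellserviceobjectdelayload"),
    ("AutoRun", "mountpoints2"),
    ("Run", "\\currentversion\\run"),
]
PERSISTENCE_KINDS = ("BHO", "SSODL", "Run")
# A drive-letter path ending in a loadable/executable extension, as DSS prints them.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]<>\r\n]+?\.(?:dll|exe|ocx|sys))', re.IGNORECASE)
STAMP_RE = re.compile(r"(\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M)")
WINDOWS_ROOT = "c:\\windows"  # assumed install location, matching the log above


@dataclass
class Entry:
    key: str
    kind: str
    path: Optional[str]
    stamp: Optional[str]
    raw: str


def classify(key: str) -> str:
    lowered = key.lower()
    for kind, marker in KIND_MARKERS:
        if marker in lowered:
            return kind
    return "Other"


def parse_registry_dump(text: str) -> list:
    """Walk the dump: a '[key]' header opens a section; every other line is an entry under it."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("*Note*"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None:
            continue
        path = PATH_RE.search(line)
        stamp = STAMP_RE.search(line)
        entries.append(Entry(key, classify(key),
                             path.group(1) if path else None,
                             stamp.group(1) if stamp else None, line))
    return entries


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in the Windows directory rather than a subfolder such as system32."""
    return path.rsplit("\\", 1)[0].lower() == WINDOWS_ROOT


def triage(entries: list) -> list:
    """Return (kind, subject, reason) tuples for the entries worth a closer look."""
    findings = []
    for e in entries:
        if e.kind in PERSISTENCE_KINDS and e.path and in_windows_root(e.path):
            findings.append((e.kind, e.path, "loaded from the Windows root instead of system32"))
        if e.kind == "AutoRun" and "autorun\\command" in e.raw.lower():
            findings.append((e.kind, e.raw, "AutoRun handler registered for a mounted volume"))
    return findings


def timestamp_clusters(entries: list, min_size: int = 2) -> dict:
    """Group persistence entries by file timestamp; one dropper usually writes its files in the same minute."""
    by_stamp = {}
    for e in entries:
        if e.stamp and e.kind in PERSISTENCE_KINDS:
            by_stamp.setdefault(e.stamp, []).append(e.path or e.raw)
    return {stamp: paths for stamp, paths in by_stamp.items() if len(paths) >= min_size}


if __name__ == "__main__":
    parsed = parse_registry_dump(SAMPLE_DUMP)
    for kind, subject, reason in triage(parsed):
        print(f"[{kind}] {subject}: {reason}")
    for stamp, paths in timestamp_clusters(parsed).items():
        print(f"[Cluster] {len(paths)} entries stamped {stamp}: " + ", ".join(paths))
```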

#12
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Run through the same instructions I posted earlier. After you're done with them, run this scan:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory; when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Post back a fresh DSS log when complete.

#13
zdanska

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Deckard's System Scanner v20070809.63
Run by Danny on 2007-08-12 at 03:05:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Danny.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:13 AM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\LckFldService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Documents and Settings\Danny\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Danny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...a...&tbid=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: wmpconf - {D35A6428-5241-4691-AD44-564887AC4F03} - C:\WINDOWS\wmpconf.dll (file missing)
O21 - SSODL: wmpenv - {886B5B04-72C6-4D8C-9CA6-EA4E74804ED2} - C:\WINDOWS\wmpenv.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5520 bytes

-- Files created between 2007-07-12 and 2007-08-12 -----------------------------

2007-08-12 02:03:42 0 d-------- C:\Documents and Settings\Danny\DoctorWeb
2007-08-11 23:57:51 0 d-------- C:\Program Files\YHsmiles
2007-08-11 20:09:21 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-11 20:05:56 0 d-------- C:\WINDOWS\system32\appmgmt
2007-08-11 15:27:47 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-11 15:27:46 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-11 15:27:46 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-08-11 15:27:41 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-08-11 15:27:41 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-08-11 10:33:50 0 d-------- C:\New Folder
2007-08-10 22:16:32 15 --a------ C:\WINDOWS\system32\mslck.dat
2007-08-10 22:09:41 12 --a------ C:\WINDOWS\system32\Mlkf.dll
2007-08-10 22:07:14 153088 --a------ C:\WINDOWS\system32\fldlckun.exe
2007-08-10 22:07:14 0 d-------- C:\Program Files\FolderAccess
2007-08-10 22:03:39 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-08-10 21:47:08 38400 --a------ C:\WINDOWS\system32\UUCODE32.DLL <Not Verified; Catalyst Development Corporation; Catalyst SocketTools>
2007-08-10 21:47:08 0 d-------- C:\Program Files\BillingExplorer Ver 4.43 DeskPro 4.0
2007-08-10 20:04:10 0 d-------- C:\WINDOWS\system32\PreInstall
2007-08-10 20:04:08 0 d--h----- C:\WINDOWS\$hf_mig$
2007-08-10 19:29:55 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-10 19:03:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-08-10 19:02:59 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-10 19:02:59 0 d-------- C:\Documents and Settings\Danny\Application Data\SUPERAntiSpyware.com
2007-08-10 19:02:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-10 18:25:51 0 d-------- C:\Program Files\Trend Micro
2007-08-10 17:52:15 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-08-10 17:42:02 888569 --a------ C:\SmitfraudFix.exe
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-10 17:29:43 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-10 17:29:43 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-10 17:29:43 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-10 17:29:43 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-10 17:29:43 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-10 17:29:43 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-10 17:29:43 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-10 17:29:43 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-10 17:29:43 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-10 17:29:43 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-10 17:24:36 1814 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-10 17:04:12 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-08-10 16:38:16 233472 --a------ C:\WINDOWS\system32\eraserl.exe <Not Verified; -; Eraser>
2007-08-10 16:38:15 282624 --a------ C:\WINDOWS\system32\erasext.dll <Not Verified; -; Eraser>
2007-08-10 16:38:15 610304 --a------ C:\WINDOWS\system32\eraser.dll <Not Verified; -; Eraser>
2007-08-10 16:38:14 0 d-------- C:\Program Files\Eraser
2007-08-10 13:12:04 0 d-------- C:\Program Files\Crawler
2007-08-10 11:16:09 0 d-------- C:\Documents and Settings\Danny\Application Data\TrustedAntivirus
2007-08-10 05:41:54 36864 --a------ C:\WINDOWS\system32\LckFldService.exe <Not Verified; ; LckFldService>
2007-08-10 05:41:53 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2007-08-10 02:25:58 256 --a------ C:\sccfg.sys
2007-08-10 02:25:53 77824 --a------ C:\WINDOWS\system32\FLKill.exe <Not Verified; USPTO; Project1>
2007-08-10 02:25:51 0 d-------- C:\Program Files\Folder Lock
2007-08-10 02:19:55 212992 --a------ C:\WINDOWS\system32\wodShellMenu.dll <Not Verified; WeOnlyDo! COM; wodShellMenu Component>
2007-08-10 02:19:55 282624 --a------ C:\WINDOWS\system32\wgp.exe <Not Verified; WGP Security Software; WinGuard Pro>
2007-08-09 17:35:49 0 d-------- C:\WINDOWS\Sun
2007-08-09 17:35:49 0 d-------- C:\Documents and Settings\Danny\Application Data\Sun
2007-08-09 17:34:49 0 d-------- C:\Program Files\Java
2007-08-09 17:11:08 0 d-------- C:\Program Files\Common Files\Java
2007-08-08 18:32:04 0 d--h----- C:\WINDOWS\PIF
2007-08-08 08:39:52 0 d-------- C:\Documents and Settings\Danny\Application Data\Google
2007-08-08 08:38:22 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-08-08 08:38:06 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2007-08-08 08:38:02 0 d-------- C:\Program Files\DAP
2007-08-08 08:38:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-08-08 08:38:01 0 d-------- C:\Program Files\Google
2007-08-07 09:01:07 0 d-------- C:\Documents and Settings\Danny\Application Data\ACD Systems
2007-08-07 09:00:00 0 d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-08-07 08:59:18 0 d-------- C:\Program Files\ACD Systems
2007-08-06 21:23:53 0 d---s---- C:\Documents and Settings\Danny\UserData
2007-08-06 13:50:49 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-08-06 13:50:06 0 d-------- C:\WINDOWS\ShellNew
2007-08-06 13:25:20 0 d-------- C:\Program Files\Winamp
2007-08-05 09:41:21 0 dr-h----- C:\Documents and Settings\Danny\Recent
2007-08-03 18:15:09 0 d-------- C:\Documents and Settings\Danny\Application Data\MSN6
2007-08-03 18:15:09 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-08-02 15:49:46 77824 --a------ C:\WINDOWS\system32\ODBCTL32.dll <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2007-08-02 15:49:46 403216 --a------ C:\WINDOWS\system32\MsRepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2007-08-02 15:49:46 251664 --a------ C:\WINDOWS\system32\MSRD2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-08-02 15:49:46 37136 --a------ C:\WINDOWS\system32\MSJInt35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-08-02 15:49:46 1039360 --a------ C:\WINDOWS\system32\MSJet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-08-02 15:49:45 24336 --a------ C:\WINDOWS\system32\MSJtEr35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-08-02 15:49:21 29696 --a------ C:\WINDOWS\system32\VB5StKit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-08-02 15:49:21 71680 --a------ C:\WINDOWS\ST5UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-08-02 14:42:04 0 d-------- C:\client
2007-08-02 13:18:11 0 d-------- C:\Documents and Settings\Danny\Application Data\Lavasoft
2007-08-02 13:18:05 0 d-------- C:\Ad-Aware SE Personal
2007-08-02 12:54:04 0 d-------- C:\WINDOWS\system32\CBA
2007-08-02 12:54:03 0 d-------- C:\Program Files\Symantec
2007-08-02 12:54:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-08-02 12:53:57 0 d-------- C:\Program Files\Symantec_Client_Security
2007-08-02 12:53:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-02 12:51:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-02 12:51:44 0 d-------- C:\Program Files\Yahoo!
2007-08-02 12:51:10 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-02 12:50:50 2775 --a------ C:\WINDOWS\mozver.dat
2007-08-02 12:50:50 0 d-------- C:\Documents and Settings\Danny\Application Data\Mozilla
2007-08-02 06:55:17 0 d-------- C:\Documents and Settings\Danny\Application Data\Macromedia
2007-08-01 21:01:53 32 --a------ C:\WINDOWS\popcinfo.dat
2007-07-30 23:48:42 0 d-------- C:\Program Files\Common Files\muvee Technologies
2007-07-30 23:48:39 0 d-------- C:\Program Files\Sony Corporation
2007-07-28 23:03:37 0 d-------- C:\WINDOWS\Provisioning
2007-07-28 23:03:37 0 d-------- C:\WINDOWS\PeerNet
2007-07-28 23:03:37 0 d-------- C:\WINDOWS\ehome
2007-07-28 22:13:38 0 d-------- C:\WINDOWS\pss
2007-07-28 16:31:17 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-07-28 16:31:14 0 d-------- C:\WINDOWS\Prefetch
2007-07-28 16:15:00 0 d-------- C:\WINDOWS\NV824660.TMP
2007-07-28 16:01:40 0 d-------- C:\WINDOWS\setup.pss
2007-07-28 15:41:56 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-07-28 15:40:05 0 d-------- C:\WINDOWS\NV2721736.TMP
2007-07-28 03:22:28 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-28 03:22:25 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-28 03:22:24 0 dr------- C:\Program Files
2007-07-28 03:22:24 0 d-------- C:\Program Files\Common Files
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-07-28 03:21:59 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-07-28 03:21:59 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-07-28 03:21:59 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-07-28 03:21:59 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-07-28 03:21:59 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-07-28 03:21:59 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-07-28 03:21:59 0 dr------- C:\Documents and Settings\All Users\Documents
2007-07-28 03:21:59 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-07-28 03:21:46 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-07-28 03:21:46 0 d-------- C:\WINDOWS\system32\CatRoot
2007-07-28 03:21:41 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-07-28 03:21:41 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-07-28 03:21:41 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-07-28 03:21:41 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-07-28 03:21:22 0 d-------- C:\Documents and Settings
2007-07-28 03:16:19 0 d-a------ C:\WINDOWS
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\WinSxS
2007-07-28 03:16:19 0 dr------- C:\WINDOWS\Web
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\twain_32
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\wins
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\wbem
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\usmt
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\spool
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\ShellExt
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\Setup
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\ras
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\oobe
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\npp
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\mui
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\inetsrv
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\IME
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\icsxml
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\ias
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\export
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\drivers
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-07-28 03:16:19 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\dhcp
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\config
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\3076
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\2052
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1054
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1042
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1041
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1037
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1033
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1031
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1028
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system32\1025
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\system
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\security
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Resources
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\repair
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\mui
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\msapps
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\msagent
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Media
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\java
2007-07-28 03:16:19 0 d--h----- C:\WINDOWS\inf
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\ime
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Help
2007-07-28 03:16:19 0 dr--s---- C:\WINDOWS\Fonts
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Driver Cache
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Debug
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Cursors
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Connection Wizard
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\Config
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\AppPatch
2007-07-28 03:16:19 0 d-------- C:\WINDOWS\addins
2007-07-27 23:42:20 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-07-27 23:42:20 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-07-27 23:42:19 0 d-------- C:\Program Files\D-Tools
2007-07-27 23:42:07 0 d-------- C:\WINDOWS\Downloaded Installations
2007-07-27 23:22:50 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-07-27 23:22:48 0 d-------- C:\Program Files\EA GAMES
2007-07-27 22:45:02 0 d-------- C:\Program Files\MIKSOFT
2007-07-27 22:37:44 0 d-------- C:\Documents and Settings\Danny\Application Data\Syntrillium
2007-07-27 22:36:17 0 d-------- C:\Program Files\coolpro2
2007-07-27 22:23:17 0 d-------- C:\Documents and Settings\Danny\Application Data\Ulead Systems
2007-07-27 22:07:42 0 d-------- C:\Documents and Settings\Danny\Application Data\Help
2007-07-27 22:06:34 0 d-------- C:\Driver
2007-07-27 22:06:32 0 d-------- C:\WINDOWS\system32\windows media
2007-07-27 22:06:28 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-07-27 22:06:25 0 d-------- C:\Program Files\Windows Media Components
2007-07-27 22:06:12 0 d-------- C:\WMSDK
2007-07-27 22:05:34 0 d-------- C:\WINDOWS\system32\Adobe
2007-07-27 22:05:34 0 d-------- C:\Documents and Settings\Danny\Application Data\InterTrust
2007-07-27 22:05:34 0 d-------- C:\Documents and Settings\Danny\Application Data\Adobe
2007-07-27 22:03:36 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-07-27 22:03:17 0 d-------- C:\My Music
2007-07-27 22:03:13 0 d-------- C:\Program Files\Real
2007-07-27 22:03:13 0 d-------- C:\Program Files\Common Files\Real
2007-07-27 22:02:23 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2007-07-27 22:01:42 0 d-------- C:\WINDOWS\system32\QuickTime
2007-07-27 22:01:40 0 d-------- C:\Program Files\QuickTime
2007-07-27 22:01:12 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-07-27 22:00:35 0 d-------- C:\Program Files\Common Files\Ulead Systems
2007-07-27 21:55:57 0 d-------- C:\Program Files\Ulead Systems
2007-07-27 21:54:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-07-27 21:41:01 0 d-------- C:\Documents and Settings\Danny\Application Data\CyberLink
2007-07-27 21:41:00 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-27 21:16:17 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-27 21:11:43 0 d-------- C:\Documents and Settings\Danny\Application Data\Ahead
2007-07-27 21:09:37 0 d-------- C:\Program Files\Nero
2007-07-27 21:09:37 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-27 21:09:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-27 20:52:58 0 d-------- C:\WINDOWS\system32\Lang
2007-07-27 20:52:49 0 d-------- C:\MyWorks
2007-07-27 20:52:36 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-27 20:51:18 0 d-------- C:\Program Files\CyberLink
2007-07-27 20:48:31 49152 -ra------ C:\WINDOWS\system32\ChCfg.exe
2007-07-27 20:48:09 0 d-------- C:\WINDOWS\system32\RTCOM
2007-07-27 20:47:06 0 d-------- C:\Program Files\Realtek
2007-07-27 20:47:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-27 20:44:17 520192 -ra------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-07-27 20:44:17 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-07-27 20:41:23 0 d-------- C:\WINDOWS\nview
2007-07-27 20:39:00 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-07-27 20:38:42 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-07-27 20:36:55 0 d-------- C:\WINDOWS\system32\Tools
2007-07-27 20:36:46 0 d-------- C:\Program Files\Common Files\InstallShield
2007-07-27 20:36:18 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows ® Codename Longhorn DDK provider; Windows ® Codename Longhorn DDK driver>
2007-07-27 20:33:55 0 d--hs---- C:\WINDOWS\Installer
2007-07-27 20:33:52 0 d-------- C:\Documents and Settings\Danny\Application Data\Identities
2007-07-27 20:33:42 0 d--h----- C:\Documents and Settings\Danny\Templates
2007-07-27 20:33:42 0 dr------- C:\Documents and Settings\Danny\Start Menu
2007-07-27 20:33:42 0 dr-h----- C:\Documents and Settings\Danny\SendTo
2007-07-27 20:33:42 0 d--h----- C:\Documents and Settings\Danny\PrintHood
2007-07-27 20:33:42 3932160 --ah----- C:\Documents and Settings\Danny\NTUSER.DAT
2007-07-27 20:33:42 0 d--h----- C:\Documents and Settings\Danny\NetHood
2007-07-27 20:33:42 0 dr------- C:\Documents and Settings\Danny\My Documents
2007-07-27 20:33:42 0 d--h----- C:\Documents and Settings\Danny\Local Settings
2007-07-27 20:33:42 0 dr------- C:\Documents and Settings\Danny\Favorites
2007-07-27 20:33:42 0 d-------- C:\Documents and Settings\Danny\Desktop
2007-07-27 20:33:42 0 d---s---- C:\Documents and Settings\Danny\Cookies
2007-07-27 20:33:42 0 dr-h----- C:\Documents and Settings\Danny\Application Data
2007-07-27 20:33:08 0 d--hs---- C:\System Volume Information
2007-07-27 20:33:06 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-07-27 20:33:06 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-07-27 20:33:06 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-07-27 20:33:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-07-27 20:33:06 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-07-27 20:33:06 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-07-27 20:33:06 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-07-27 20:33:06 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-07-27 20:33:06 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-07-27 20:33:06 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-07-27 20:29:53 0 d-------- C:\WINDOWS\system32\xircom
2007-07-27 20:29:53 0 d-------- C:\Program Files\microsoft frontpage
2007-07-27 20:29:42 0 -rahs---- C:\MSDOS.SYS
2007-07-27 20:29:42 0 -rahs---- C:\IO.SYS
2007-07-27 20:29:42 245760 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-07-27 20:29:42 0 --a------ C:\CONFIG.SYS
2007-07-27 20:29:42 50 --a------ C:\AUTOEXEC.BAT
2007-07-27 20:28:57 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-07-27 20:28:49 0 dr------- C:\WINDOWS\Offline Web Pages
2007-07-27 20:28:49 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-07-27 20:28:24 0 d-------- C:\WINDOWS\system32\DirectX
2007-07-27 20:27:31 0 d---s---- C:\WINDOWS\Tasks
2007-07-27 20:27:27 0 d-------- C:\Program Files\Common Files\MSSoap
2007-07-27 20:27:22 0 d-------- C:\WINDOWS\srchasst
2007-07-27 20:27:21 0 d-------- C:\WINDOWS\system32\Macromed
2007-07-27 20:27:19 0 d-------- C:\Program Files\Movie Maker
2007-07-27 20:27:14 0 d-------- C:\WINDOWS\system32\Restore
2007-07-27 20:27:14 0 d-------- C:\WINDOWS\PCHealth
2007-07-27 20:26:44 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-27 20:26:41 0 d-------- C:\WINDOWS\Registration
2007-07-27 20:26:38 0 d--h----- C:\Program Files\WindowsUpdate
2007-07-27 20:26:38 0 d-------- C:\Program Files\Online Services
2007-07-27 20:26:35 0 d-------- C:\Program Files\Messenger
2007-07-27 20:26:28 0 d-------- C:\Program Files\MSN Gaming Zone
2007-07-27 20:25:40 0 d-------- C:\Program Files\Windows NT
2007-07-27 20:25:37 0 d-------- C:\WINDOWS\system32\MsDtc
2007-07-27 20:25:36 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2007-08-10 20:11:05 3267 --a------ C:\Documents and Settings\Danny\Application Data\update.log
2007-07-28 03:21:59 62 --ahs---- C:\Documents and Settings\Danny\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 05:05 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/2002 11:35 AM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [08/08/2007 08:38 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/16/2006 02:35 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmpconf"= {D35A6428-5241-4691-AD44-564887AC4F03} - C:\WINDOWS\wmpconf.dll [ ]
"wmpenv"= {886B5B04-72C6-4D8C-9CA6-EA4E74804ED2} - C:\WINDOWS\wmpenv.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurePCCleaner]
C:\Program Files\SecurePCCleaner\GDC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0917d714-454f-11dc-b1c4-001921f55535}]
AutoRun\command- My Zodiak v03A Setup.exe




-- End of Deckard's System Scanner: finished at 2007-08-12 at 03:05:53 ---------
  • 0

#14
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please delete the current version of SmitfraudFix you have; the tool has been updated.


Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan a large number of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log back here for me.

IMPORTANT: Do NOT run any other options until you are asked to do so!
  • 0

#15
zdanska

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
SmitFraudFix v2.211

Scan done at 21:19:05.85, Sun 08/12/2007
Run from C:\Documents and Settings\Danny\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BillingExplorer Ver 4.43 DeskPro 4.0\billing16.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Danny


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Danny\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Danny\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="about:home"
"SubscribedURL"="about:home"
"FriendlyName"="my current home page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 124.81.123.110
DNS Server Search Order: 202.155.0.20

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer=124.81.123.110,202.155.0.20
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer=124.81.123.110,202.155.0.20
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer=124.81.123.110,202.155.0.20


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0