
My cpu both cores are running on 90% please help [CLOSED]


  • This topic is locked

#1
fagag (Member, 25 posts)
Hi,
I did everything as explained, downloaded all the programs, scanned my PC and saved all the log files,
but my CPU is going crazy. Both of my cores are working at 80-100% all the time.
I can't find why... when I open the Task Manager it shows that there is no process that's causing this, but when I look at Performance it shows 90%.

Please help me.
I'm attaching all the log files as requested.
Thank you for taking the time to help.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:41, on 10/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
D:\Program install files\SpyBot\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\EMULE\emule.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program install files\Avant browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program install files\SpyBot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\EMULE\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program install files\SpyBot\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

--
End of file - 7858 bytes



Malwarebytes log:

Malwarebytes' Anti-Malware 1.20
Database version: 933
Windows 6.0.6001 Service Pack 1

13:00:41 09/07/2008
mbam-log-7-9-2008 (13-00-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 115451
Time elapsed: 25 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\drivers\downld (Trojan.Agent) -> No action taken.

Files Infected:
D:\Program install files\Avant browser\absetup.exe (Rogue.Installer) -> No action taken.
D:\Program install files\Avant browser\uninst.exe (Rogue.Installer) -> No action taken.
C:\Windows\System32\drivers\downld\112195.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\118092.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\1185279.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\1205513.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\1311750.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\1365944.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\1398096.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\14735199.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\14745542.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\14754028.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\15508574.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\158581022.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\160665.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\16126416.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\161476.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\16157787.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\169042.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\180259.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\246465.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\255763.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\278648.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\294171.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\295949.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\313530.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\459142.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\downld\95956.exe (Trojan.Agent) -> No action taken.


Uninstall list from HijackThis:

32 Bit HP CIO Components Installer
Adobe Flash Player ActiveX
Adobe Reader 7.1.0
ASUSUpdate
Atheros Communications Inc.® L2 Fast Ethernet Driver
Avant Browser (remove only)
AVG Free 8.0
BS.Player FREE powered by AdVantage
CDDRV_Installer
Command & Conquer Red Alert 2
Command && Conquer Red Alert 2 - Yuri's Revenge
Compatibility Pack for the 2007 Office system
Drive Manager
Drive Manager
DTS+AC3
ffdshow [rev 2019] [2008-06-22]
GOM Player
HijackThis 2.0.2
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Solution Center 8.0
HP Update
Indeo® Software
Java™ 6 Update 5
KhalInstallWrapper
K-Lite Codec Pack 2.72 Full
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Nero 8
neroxml
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA Drivers
Panda ActiveScan 2.0
PC Connectivity Solution
Realtek High Definition Audio Driver
Revo Uninstaller 1.71
SideShow GMail
Skype™ 3.8
SOP P2P TV Driver
SopCast 2.0.4
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
System Requirements Lab
TLN eMule Booster MOD
VCRedistSetup
Westwood Shared Internet Components
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Live Messenger
Windows Sound Schemes
WinRAR archiver

Panda ActiveScan log:

;*******************************************************************************
ANALYSIS: 2008-07-09 14:50:00
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Windows Defender 1.1.3704.0 No No
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
02377451 Adware/SaveNow Adware No 0 No No D:\Program install files\BSP PLAYER\bsplayer227.958_clip.exe[AdVantageSetup.exe]
03021075 Adware/MediaAdvantage Adware No 0 Yes No C:\Program Files\AdVantage\AdVUninst.exe
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================


Thank you!!!!!

#2
fenzodahl512 (Malware Removal, 9,863 posts)
Hello, my name is fenzodahl512 and welcome to Geeks to Go. Please do the following.


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please allow the scanning/downloading process through your firewall.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click the dss.exe icon and choose Run as Administrator.



Regards
fenzodahl512

#3
fagag (Topic Starter, Member, 25 posts)
Hi, and thanks for the time.

main:

Deckard's System Scanner v20071014.68
Run by 007 on 2008-07-12 16:58:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
6: 2008-07-11 14:07:39 UTC - RP213 - Device Driver Package Install: NVIDIA Display adapters
5: 2008-07-11 06:15:25 UTC - RP212 - Windows Update
4: 2008-07-09 22:21:26 UTC - RP211 - Scheduled Checkpoint
3: 2008-07-09 10:11:54 UTC - RP210 - Installed SUPERAntiSpyware Free Edition
2: 2008-07-09 09:27:53 UTC - RP209 - before doing the first try 9.7.08


-- First Restore Point --
1: 2008-07-09 07:55:13 UTC - RP208 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as 007.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:26, on 12/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Windows\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
D:\Program install files\SpyBot\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\EMULE\emule.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\007\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\007.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program install files\SpyBot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\EMULE\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program install files\SpyBot\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

--
End of file - 7849 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 io02 (Hardware Access Driver) - \??\c:\windows\system32\io02.sys
S3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2E2B2FDC&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2E2B2FDC&0
Service: i8042prt


-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-09 13:26:37 0 d-------- C:\Program Files\Panda Security
2008-07-09 13:12:19 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-07-09 13:12:08 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-09 12:33:09 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-09 12:33:09 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 12:14:50 0 d-------- C:\Program Files\Trend Micro
2008-07-07 14:49:30 0 d-------- C:\Program Files\VS Revo Group
2008-07-05 19:51:21 0 d-------- C:\Users\All Users\WEBREG
2008-07-05 19:45:58 0 d-------- C:\Program Files\Common Files\HP
2008-07-05 19:45:37 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-05 19:45:26 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-05 19:43:53 0 d-------- C:\Program Files\HP
2008-07-05 19:41:57 143913 --a------ C:\Windows\hpoins12.dat
2008-07-05 19:41:49 0 d-------- C:\Users\All Users\Hewlett-Packard
2008-07-05 19:41:45 0 d-------- C:\Users\All Users\HP
2008-07-05 19:41:28 258048 --a------ C:\Windows\system32\hpzids01.dll <Not Verified; Hewlett-Packard; HP Installer>
2008-07-05 19:41:26 117760 --a------ C:\Windows\system32\hpzll4v2.dll <Not Verified; Hewlett-Packard Company; Language Monitor>
2008-07-05 19:23:30 0 d-------- C:\Windows\Motorola
2008-06-30 14:50:12 60273 --a------ C:\Windows\system32\pthreadGC2.dll <PTHREA~1.DLL> <Not Verified; Open Source Software community project; >
2008-06-28 16:27:56 0 d-------- C:\Program Files\MSECache
2008-06-27 15:59:38 0 d-------- C:\Users\All Users\NVIDIA
2008-06-27 15:46:42 0 d-------- C:\NVIDIA
2008-06-27 15:09:07 0 d-------- C:\Program Files\SystemRequirementsLab
2008-06-21 17:06:05 0 d-------- C:\Westwood
2008-06-20 20:48:49 56 --ah----- C:\Windows\system32\ezsidmv.dat
2008-06-20 20:46:09 0 d-------- C:\Program Files\Common Files\Skype
2008-06-20 20:45:09 0 d-------- C:\Users\All Users\Skype
2008-06-13 18:37:06 56320 -----n--- C:\Windows\system32\iyvu9_32.dll
2008-06-13 18:37:06 136704 --a------ C:\Windows\system32\iacenc.dll <Not Verified; Ligos Corporation; Indeo® Audio Software>
2008-06-13 18:37:06 0 d-------- C:\Program Files\Ligos
2008-06-13 18:35:47 306688 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-13 17:01:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-12 15:38:35 0 d-------- C:\Program Files\PacificPoker


-- Find3M Report ---------------------------------------------------------------

2008-07-10 10:41:19 0 d-------- C:\Program Files\Windows Mail
2008-07-09 13:12:08 0 d-------- C:\Users\007\AppData\Roaming\SUPERAntiSpyware.com
2008-07-09 12:33:12 0 d-------- C:\Users\007\AppData\Roaming\Malwarebytes
2008-07-09 12:32:55 0 d-------- C:\Users\007\AppData\Roaming\Download Manager
2008-07-05 20:07:22 0 d-------- C:\Users\007\AppData\Roaming\Printer Info Cache
2008-07-05 20:07:22 0 d-------- C:\Users\007\AppData\Roaming\Image Zone Express
2008-07-05 19:55:23 0 d-------- C:\Users\007\AppData\Roaming\HP
2008-07-05 19:45:58 0 d-------- C:\Program Files\Common Files
2008-06-29 11:07:40 0 d-------- C:\Program Files\Common Files\Nero
2008-06-27 21:19:08 123242 --a------ C:\Users\007\AppData\Roaming\NMM-MetaData.db
2008-06-22 20:33:00 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-06-20 20:50:40 0 d-------- C:\Users\007\AppData\Roaming\Skype
2008-06-20 20:48:49 0 d-------- C:\Users\007\AppData\Roaming\skypePM
2008-06-11 17:06:46 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-06-10 15:46:37 2656 --a------ C:\Windows\system32\io02.sys
2008-06-04 22:21:39 0 -rahs---- C:\MSDOS.SYS
2008-06-04 22:21:39 0 -rahs---- C:\IO.SYS
2008-06-04 21:56:40 0 d-------- C:\Program Files\AdVantage
2008-05-31 12:27:08 14 --a------ C:\Windows\system32\systeminfo.dll <SYSTEM~1.DLL>
2008-05-24 15:03:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-21 19:19:12 0 d-------- C:\Program Files\Microsoft Silverlight


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 10:38 AM]
"RtHDVCpl"="RtHDVCpl.exe" [10/31/2007 01:35 PM C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [10/11/2007 12:04 PM C:\Windows\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/29/2007 03:17 AM C:\Windows\KHALMNPR.Exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 10:21 PM]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [10/09/2007 04:21 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"SMSERIAL"="sm56hlpr.exe" [04/23/2003 03:48 PM C:\Windows\sm56hlpr.exe]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [05/16/2008 02:01 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [05/16/2008 02:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 10:33 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/19/2008 10:33 AM]
"SpybotSD TeaTimer"="D:\Program install files\SpyBot\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 10:33 AM]
"eMuleAutoStart"="D:\EMULE\emule.exe" [04/05/2008 03:14 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [13/03/2008 19:11:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [07/10/2008 10:45 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 07/10/2008 10:45 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^007^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Users\007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]
"C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
GPSvcGroup GPSvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{179a016b-0586-11dd-b90c-001bfcaeee9b}]
AutoRun\command- F:\autorun.exe
readit\command- notepad readme.doc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b1acb80-eea4-11dc-a6af-001bfcaeee9b}]
open\Command- F:\shell.exe -s


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8724 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-12 17:02:03 ------------

extra:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E4600 @ 2.40GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 2046.51 MiB / 1015.27 MiB
Pagefile Memory (total/avail): 4338.28 MiB / 2934.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1857.02 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 11.63 GiB free.
D: is Fixed (NTFS) - 109.99 GiB total, 52.63 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HDS721616PLA380 ATA Device - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 39.06 GiB - C:
\PARTITION1 - Installable File System - 109.99 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AS: AVG Anti-Virus Free v8.0 (AVG Technologies) Disabled
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: SUPERAntiSpyware v4, 15, 0, 1000 (SUPERAntiSpyware.com) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\007\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TAMIR
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\007
LOCALAPPDATA=C:\Users\007\AppData\Local
LOGONSERVER=\\TAMIR
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\AVG\AVG8
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\007\AppData\Local\Temp
TMP=C:\Users\007\AppData\Local\Temp
USERDOMAIN=TAMIR
USERNAME=007
USERPROFILE=C:\Users\007
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

007 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Atheros Communications Inc.® L2 Fast Ethernet Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A755762-EED8-47AB-A446-505766F93D43}\setup.exe" -l0x9 -removeonly
Avant Browser (remove only) --> "D:\Program install files\Avant browser\uninst.exe"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BS.Player FREE powered by AdVantage --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Command & Conquer Red Alert 2 --> C:\Westwood\RA2\Uninstll.EXE
Command && Conquer Red Alert 2 - Yuri's Revenge --> C:\Westwood\RA2\Uninstll.EXE
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Drive Manager --> "C:\Program Files\InstallShield Installation Information\{48B0F38D-1913-44F3-99AA-D4C55A2B038E}\setup.exe" -runfromtemp -l0x0409 -removeonly
Drive Manager --> MsiExec.exe /I{48B0F38D-1913-44F3-99AA-D4C55A2B038E}
DTS+AC3 ֵַֺֽ --> "C:\Program Files\DtsFilter\uninstall.exe"
ffdshow [rev 2019] [2008-06-22] --> "C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"
GOM Player --> "D:\Program install files\Gom player\GomPlayer\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet All-In-One Software 8.0 --> C:\Program Files\HP\Digital Imaging\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}\setup\hpzscr01.exe -datfile hposcr12.dat
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Indeo® Software --> C:\Windows\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 2.72 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040D-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite --> C:\ProgramData\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_eng_us.exe
Nokia PC Suite --> MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Revo Uninstaller 1.71 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
SideShow GMail --> MsiExec.exe /I{C0B71676-17F8-444B-8A54-314EB4EC1E72}
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SOP P2P TV Driver --> C:\Windows\iun6002.exe "D:\EMULE\irunin.ini"
SopCast 2.0.4 --> D:\Program install files\SopCast\uninst.exe
Spybot - Search & Destroy --> "D:\Program install files\SpyBot\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TLN eMule Booster MOD --> C:\Windows\iun6002.exe "D:\EMULE\irunin.ini"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE
Windows Driver Package - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Sound Schemes --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type6251 / Success
Event Submitted/Written: 07/12/2008 04:47:16 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type6244 / Success
Event Submitted/Written: 07/11/2008 05:48:40 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type6243 / Success
Event Submitted/Written: 07/11/2008 05:48:39 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type6241 / Success
Event Submitted/Written: 07/11/2008 05:48:28 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type6217 / Error
Event Submitted/Written: 07/11/2008 04:45:20 PM
Event ID/Source: 33 / SideBySide
Event Description:
Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type47495 / Warning
Event Submitted/Written: 07/12/2008 05:00:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%TAMIR27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TAMIR27 can't undo changes that you allow.

For more information please see the following:
%TAMIR275

Scan ID: {4FB5ADC0-DB36-4FA1-902D-93B675FE8E90}

User: TAMIR\007

Name: %TAMIR271

ID: %TAMIR272

Severity ID: %TAMIR273

Category ID: %TAMIR274

Path Found: %TAMIR276

Alert Type: %TAMIR278

Detection Type: 1.1.1600.02

Event Record #/Type47494 / Warning
Event Submitted/Written: 07/12/2008 05:00:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%TAMIR27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TAMIR27 can't undo changes that you allow.

For more information please see the following:
%TAMIR275

Scan ID: {5272E9DD-1C91-43D9-A024-74F2FCAE64A4}

User: TAMIR\007

Name: %TAMIR271

ID: %TAMIR272

Severity ID: %TAMIR273

Category ID: %TAMIR274

Path Found: %TAMIR276

Alert Type: %TAMIR278

Detection Type: 1.1.1600.02

Event Record #/Type47493 / Warning
Event Submitted/Written: 07/12/2008 05:00:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%TAMIR27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TAMIR27 can't undo changes that you allow.

For more information please see the following:
%TAMIR275

Scan ID: {EE1518A0-380F-451C-B6A5-8CCF4A3A7CA1}

User: TAMIR\007

Name: %TAMIR271

ID: %TAMIR272

Severity ID: %TAMIR273

Category ID: %TAMIR274

Path Found: %TAMIR276

Alert Type: %TAMIR278

Detection Type: 1.1.1600.02

Event Record #/Type47492 / Warning
Event Submitted/Written: 07/12/2008 05:00:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%TAMIR27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TAMIR27 can't undo changes that you allow.

For more information please see the following:
%TAMIR275

Scan ID: {869FF143-07AB-4452-BC85-1BA0CDE5B8B0}

User: TAMIR\007

Name: %TAMIR271

ID: %TAMIR272

Severity ID: %TAMIR273

Category ID: %TAMIR274

Path Found: %TAMIR276

Alert Type: %TAMIR278

Detection Type: 1.1.1600.02

Event Record #/Type47483 / Warning
Event Submitted/Written: 07/12/2008 04:46:46 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-07-12 17:02:03 ------------



thanks again
  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Please don't edit your log (font and size).. Please just post the log as it is...

Please do the following...


Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.



NEXT


Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • c:\windows\system32\io02.sys
  • Click on the submit button
  • Please post the results in your next reply.
If Jotti server is too busy, please submit the file to VirusTotal instead.




NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    F:\autorun.exe
    F:\shell.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{179a016b-0586-11dd-b90c-001bfcaeee9b}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b1acb80-eea4-11dc-a6af-001bfcaeee9b}
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Please post the following logs in your next reply.. Please post each log in separate post...

1. Jotti/VirusTotal result
2. Kaspersky Webscanner
3. A fresh Deckard System Scanner log (after Kaspersky step)


Regards
fenzodahl512
  • 0
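As an added example that is not part of this thread (my own code, not fenzodahl512's and not a feature of DSS or OTMoveIt2), here is a Python check that reads a Deckard's System Scanner registry dump and flags the MountPoints2 autorun/open handlers that the OTMoveIt2 script above removes, plus the EnableLUA=0 setting the same dump shows. The sample dump is constructed from the MountPoints2 and policies\system sections posted earlier in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: the MountPoints2 and policies\system sections as they
# appear in the Deckard's System Scanner registry dump posted in this thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{179a016b-0586-11dd-b90c-001bfcaeee9b}]
AutoRun\command- F:\autorun.exe
readit\command- notepad readme.doc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b1acb80-eea4-11dc-a6af-001bfcaeee9b}]
open\Command- F:\shell.exe -s
"""

MOUNTPOINTS2 = "\\explorer\\mountpoints2\\"
# Verbs Explorer fires by itself (AutoRun) or on a double-click (open,
# explore); a handler here that launches a file on the volume itself is the
# autorun.inf worm pattern the OTMoveIt2 script above removes.
AUTO_VERBS = {"autorun", "open", "explore", "shell"}
EXEC_EXT = re.compile(r"\.(exe|com|bat|cmd|scr|pif|vbs|js)$", re.IGNORECASE)
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\[^\\\s]+$")
COMMAND_LINE = re.compile(r"([^\\]+)\\command-\s*(.+)$", re.IGNORECASE)


@dataclass
class Finding:
    key: str
    value: str
    reason: str


def parse_registry_dump(text):
    """Split a DSS-style registry dump into {key: [value lines]}.

    DSS sometimes prints a key with a stray closing quote instead of ']'
    (see the ProfSvc and WinDefend SafeBoot lines above), so any line that
    starts with '[' is taken as a key header.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            current = line[1:].rstrip(']"')
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def check_mountpoints2(sections):
    """Flag MountPoints2 verb handlers that run an executable."""
    findings = []
    for key, values in sections.items():
        if MOUNTPOINTS2 not in key.lower():
            continue
        for value in values:
            m = COMMAND_LINE.match(value)  # "verb\command- <command line>"
            if not m:
                continue
            verb, cmd = m.group(1).lower(), m.group(2).strip()
            parts = cmd.split()
            if not parts:
                continue
            target = parts[0]  # program, without its arguments
            if verb in AUTO_VERBS and EXEC_EXT.search(target):
                reason = f"'{verb}' handler runs {target}"
                if DRIVE_ROOT.match(target):
                    reason += " straight from a drive root"
                findings.append(Finding(key, value, reason))
    return findings


def check_uac(sections):
    """Flag EnableLUA=0, which turns User Account Control off."""
    findings = []
    for key, values in sections.items():
        if not key.lower().endswith("\\policies\\system"):
            continue
        for value in values:
            if re.match(r'"EnableLUA"=0\b', value):
                findings.append(Finding(key, value, "UAC is disabled (EnableLUA=0)"))
    return findings


def audit(text):
    """Run every check over one dump and return the combined findings."""
    sections = parse_registry_dump(text)
    return check_mountpoints2(sections) + check_uac(sections)


if __name__ == "__main__":
    for f in audit(SAMPLE_DUMP):
        print(f"{f.reason}\n  key:   {f.key}\n  value: {f.value}")
```

Run it against a saved DSS main log (pass the file contents to audit) to get the same two MountPoints2 hits the helper targeted; the readit handler, which only launches Notepad, is deliberately not reported.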

#5
fagag

fagag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hi
here it goes:

Scan taken on 12 Jul 2008 16:59:55 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 12, 2008 7:53:13 PM
Operating System: Microsoft Windows Vista Professional, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/07/2008
Kaspersky Anti-Virus database records: 944774
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 87885
Number of viruses found: 1
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 01:21:51

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\ProgramData\avg8\Log\avgcore.log Object is locked skipped
C:\ProgramData\avg8\Log\avgrs.log Object is locked skipped
C:\ProgramData\avg8\Log\avgsched.log Object is locked skipped
C:\ProgramData\avg8\Log\avgui.log Object is locked skipped
C:\ProgramData\avg8\Log\avgwd.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2a5d33b98249900577daa0a712d93fd1_00fe0c57-fb6a-452a-b8ca-95f846484def Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bc606ed4f0f4214ef48166bbb2cd6dd2_00fe0c57-fb6a-452a-b8ca-95f846484def Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.64.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.64.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy65.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfAA81.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfAA82.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050107.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_E258_BE72_58BE_44D7\dfsr.db Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_E258_BE72_58BE_44D7\fsr.log Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_E258_BE72_58BE_44D7\fsrtmp.log Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_E258_BE72_58BE_44D7\tmp.edb Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008071220080713\index.dat Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RP3HEXY\glglz[1].dat Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows\UsrClass.dat{b6514700-1436-11dd-98a8-001bfcaeee9b}.TM.blf Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows\UsrClass.dat{b6514700-1436-11dd-98a8-001bfcaeee9b}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows\UsrClass.dat{b6514700-1436-11dd-98a8-001bfcaeee9b}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows Defender\FileTracker\{0DC58A6F-25DA-4369-A46A-7A36C68EB643} Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSD.XML Object is locked skipped
C:\Users\007\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\007\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\007\AppData\Local\Temp\~DF7618.tmp Object is locked skipped
C:\Users\007\AppData\Local\Temp\~DF7625.tmp Object is locked skipped
C:\Users\007\AppData\Local\Temp\~DFCA9.tmp Object is locked skipped
C:\Users\007\AppData\Local\Temp\~DFCB5.tmp Object is locked skipped
C:\Users\007\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\007\NTUSER.DAT Object is locked skipped
C:\Users\007\ntuser.dat.LOG1 Object is locked skipped
C:\Users\007\ntuser.dat.LOG2 Object is locked skipped
C:\Users\007\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Users\007\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\007\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\CSC\v2.0.6\temp\ea-{406c99d4-f749-11dc-bb7c-001bfcaeee9b} Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ModemLogs\ModemLog_Motorola SM56 Speakerphone Modem.txt Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\FXSSVCDebugLogFile.txt Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\FXSTIFFDebugLogFile.txt Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{48B65830-0F20-4DFB-88A8-70726D43F64F}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\ACEEventLog.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
D:\EMULE\Incoming\Season 2\Wire,.The.2x04.Hard.Cases.DVDRip.XviD-Thomilla.[tvu.org.ru].avi Object is locked skipped
D:\EMULE\Incoming\Spanish\Learn to speak English 9_by_amit133.rar/Learn to speak English 9/Learn.to.speak.English.9.CD1.iso/INSTALL/BRODCAST/DSSAGENT.EXE;1 Infected: not-a-virus:AdWare.Win32.Background skipped
D:\EMULE\Incoming\Spanish\Learn to speak English 9_by_amit133.rar/Learn to speak English 9/Learn.to.speak.English.9.CD1.iso Infected: not-a-virus:AdWare.Win32.Background skipped
D:\EMULE\Incoming\Spanish\Learn to speak English 9_by_amit133.rar RAR: infected - 2 skipped
D:\EMULE\Temp\001.part Object is locked skipped
D:\EMULE\Temp\002.part Object is locked skipped
D:\EMULE\Temp\003.part Object is locked skipped
D:\EMULE\Temp\004.part Object is locked skipped
D:\EMULE\Temp\005.part Object is locked skipped
D:\EMULE\Temp\006.part Object is locked skipped
D:\EMULE\Temp\010.part Object is locked skipped
D:\EMULE\Temp\014.part Object is locked skipped
D:\EMULE\Temp\017.part Object is locked skipped
D:\EMULE\Temp\019.part Object is locked skipped
D:\EMULE\Temp\021.part Object is locked skipped
D:\EMULE\Temp\022.part Object is locked skipped
D:\EMULE\Temp\023.part Object is locked skipped
D:\EMULE\Temp\025.part Object is locked skipped
D:\EMULE\Temp\028.part Object is locked skipped
D:\EMULE\Temp\029.part Object is locked skipped
D:\EMULE\Temp\030.part Object is locked skipped
D:\EMULE\Temp\032.part Object is locked skipped
D:\EMULE\Temp\034.part Object is locked skipped
D:\EMULE\Temp\042.part Object is locked skipped
D:\EMULE\Temp\043.part Object is locked skipped
D:\EMULE\Temp\044.part Object is locked skipped
D:\EMULE\Temp\047.part Object is locked skipped
D:\EMULE\Temp\048.part Object is locked skipped
D:\EMULE\Temp\049.part Object is locked skipped
D:\EMULE\Temp\050.part Object is locked skipped
D:\EMULE\Temp\051.part Object is locked skipped
D:\EMULE\Temp\052.part Object is locked skipped
D:\EMULE\Temp\054.part Object is locked skipped
D:\EMULE\Temp\055.part Object is locked skipped
D:\EMULE\Temp\056.part Object is locked skipped
D:\EMULE\Temp\058.part Object is locked skipped
D:\EMULE\Temp\059.part Object is locked skipped
D:\EMULE\Temp\060.part Object is locked skipped
D:\EMULE\Temp\061.part Object is locked skipped
D:\EMULE\Temp\062.part Object is locked skipped
D:\EMULE\Temp\069.part Object is locked skipped

Scan process completed.

DSS:
Deckard's System Scanner v20071014.68
Run by 007 on 2008-07-12 20:00:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as 007.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:03, on 12/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Windows\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
D:\Program install files\SpyBot\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
D:\Program install files\Avant browser\avant.exe
D:\EMULE\emule.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\007\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\007.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program install files\SpyBot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\EMULE\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program install files\SpyBot\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

--
End of file - 8078 bytes

-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-12 18:15:32 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-07-12 18:15:31 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-07-09 13:26:37 0 d-------- C:\Program Files\Panda Security
2008-07-09 13:12:19 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-07-09 13:12:08 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-09 12:33:09 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-09 12:33:09 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 12:14:50 0 d-------- C:\Program Files\Trend Micro
2008-07-07 14:49:30 0 d-------- C:\Program Files\VS Revo Group
2008-07-05 19:51:21 0 d-------- C:\Users\All Users\WEBREG
2008-07-05 19:45:58 0 d-------- C:\Program Files\Common Files\HP
2008-07-05 19:45:37 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-05 19:45:26 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-05 19:43:53 0 d-------- C:\Program Files\HP
2008-07-05 19:41:57 143913 --a------ C:\Windows\hpoins12.dat
2008-07-05 19:41:49 0 d-------- C:\Users\All Users\Hewlett-Packard
2008-07-05 19:41:45 0 d-------- C:\Users\All Users\HP
2008-07-05 19:41:28 258048 --a------ C:\Windows\system32\hpzids01.dll <Not Verified; Hewlett-Packard; HP Installer>
2008-07-05 19:41:26 117760 --a------ C:\Windows\system32\hpzll4v2.dll <Not Verified; Hewlett-Packard Company; Language Monitor>
2008-07-05 19:23:30 0 d-------- C:\Windows\Motorola
2008-06-30 14:50:12 60273 --a------ C:\Windows\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-06-28 16:27:56 0 d-------- C:\Program Files\MSECache
2008-06-27 15:59:38 0 d-------- C:\Users\All Users\NVIDIA
2008-06-27 15:46:42 0 d-------- C:\NVIDIA
2008-06-27 15:09:07 0 d-------- C:\Program Files\SystemRequirementsLab
2008-06-21 17:06:05 0 d-------- C:\Westwood
2008-06-20 20:48:49 56 --ah----- C:\Windows\system32\ezsidmv.dat
2008-06-20 20:46:09 0 d-------- C:\Program Files\Common Files\Skype
2008-06-20 20:45:09 0 d-------- C:\Users\All Users\Skype
2008-06-13 18:37:06 56320 -----n--- C:\Windows\system32\iyvu9_32.dll
2008-06-13 18:37:06 136704 --a------ C:\Windows\system32\iacenc.dll <Not Verified; Ligos Corporation; Indeo® Audio Software>
2008-06-13 18:37:06 0 d-------- C:\Program Files\Ligos
2008-06-13 18:35:47 306688 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-13 17:01:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-12 15:38:35 0 d-------- C:\Program Files\PacificPoker


-- Find3M Report ---------------------------------------------------------------

2008-07-10 10:41:19 0 d-------- C:\Program Files\Windows Mail
2008-07-09 13:12:08 0 d-------- C:\Users\007\AppData\Roaming\SUPERAntiSpyware.com
2008-07-09 12:33:12 0 d-------- C:\Users\007\AppData\Roaming\Malwarebytes
2008-07-09 12:32:55 0 d-------- C:\Users\007\AppData\Roaming\Download Manager
2008-07-05 20:07:22 0 d-------- C:\Users\007\AppData\Roaming\Printer Info Cache
2008-07-05 20:07:22 0 d-------- C:\Users\007\AppData\Roaming\Image Zone Express
2008-07-05 19:55:23 0 d-------- C:\Users\007\AppData\Roaming\HP
2008-07-05 19:45:58 0 d-------- C:\Program Files\Common Files
2008-06-29 11:07:40 0 d-------- C:\Program Files\Common Files\Nero
2008-06-27 21:19:08 123242 --a------ C:\Users\007\AppData\Roaming\NMM-MetaData.db
2008-06-22 20:33:00 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-06-20 20:50:40 0 d-------- C:\Users\007\AppData\Roaming\Skype
2008-06-20 20:48:49 0 d-------- C:\Users\007\AppData\Roaming\skypePM
2008-06-11 17:06:46 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-06-10 15:46:37 2656 --a------ C:\Windows\system32\io02.sys
2008-06-04 22:21:39 0 -rahs---- C:\MSDOS.SYS
2008-06-04 22:21:39 0 -rahs---- C:\IO.SYS
2008-06-04 21:56:40 0 d-------- C:\Program Files\AdVantage
2008-05-31 12:27:08 14 --a------ C:\Windows\system32\systeminfo.dll
2008-05-24 15:03:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-21 19:19:12 0 d-------- C:\Program Files\Microsoft Silverlight


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 10:38 AM]
"RtHDVCpl"="RtHDVCpl.exe" [10/31/2007 01:35 PM C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [10/11/2007 12:04 PM C:\Windows\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/29/2007 03:17 AM C:\Windows\KHALMNPR.Exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 10:21 PM]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [10/09/2007 04:21 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"SMSERIAL"="sm56hlpr.exe" [04/23/2003 03:48 PM C:\Windows\sm56hlpr.exe]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [05/16/2008 02:01 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [05/16/2008 02:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 10:33 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/19/2008 10:33 AM]
"SpybotSD TeaTimer"="D:\Program install files\SpyBot\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 10:33 AM]
"eMuleAutoStart"="D:\EMULE\emule.exe" [04/05/2008 03:14 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [13/03/2008 19:11:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [07/10/2008 10:45 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 07/10/2008 10:45 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^007^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Users\007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]
"C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
GPSvcGroup GPSvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- End of Deckard's System Scanner: finished at 2008-07-12 20:01:32 ------------


thanks again
cheers
jerby
  • 0

#6
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
How is your computer doing now?
  • 0

#7
fagag

fagag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
One core is at 70%,
the second is at 35%.

Every few seconds both of them jump to 100%.

Kaspersky found some infections, maybe that is the problem?
  • 0

#8
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Let's see what is inside your computer...


Please download Process Explorer by SysInternals and unzip it to your Desktop..
  • Double-click procexp.exe and click on File >> Save As
  • Save it as Procexp.txt in your Desktop..
  • Post the content of Procexp.txt in your next reply..

  • 0

#9
fagag

fagag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Process PID CPU Description Company Name
System Idle Process 0 69.71
Interrupts n/a 25.56 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 0.77
smss.exe 456 Windows Session Manager Microsoft Corporation
csrss.exe 524 Client Server Runtime Process Microsoft Corporation
wininit.exe 576 Windows Start-Up Application Microsoft Corporation
services.exe 628 Services and Controller app Microsoft Corporation
svchost.exe 888 Host Process for Windows Services Microsoft Corporation
ehmsas.exe 2608 Media Center Media Status Aggregator Service Microsoft Corporation
unsecapp.exe 1608 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
WmiPrvSE.exe 3484 WMI Provider Host Microsoft Corporation
nvvsvc.exe 936 NVIDIA Driver Helper Service, Version 175.19 NVIDIA Corporation
rundll32.exe 1452 Windows host process (Rundll32) Microsoft Corporation
svchost.exe 964 Host Process for Windows Services Microsoft Corporation
svchost.exe 1004 Host Process for Windows Services Microsoft Corporation
Ati2evxx.exe 1096 ATI External Event Utility EXE Module ATI Technologies Inc.
Ati2evxx.exe 1652 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 1112 Host Process for Windows Services Microsoft Corporation
audiodg.exe 1276 Windows Audio Device Graph Isolation Microsoft Corporation
svchost.exe 1144 Host Process for Windows Services Microsoft Corporation
dwm.exe 204 0.77 Desktop Window Manager Microsoft Corporation
svchost.exe 1160 Host Process for Windows Services Microsoft Corporation
taskeng.exe 2012 Task Scheduler Engine Microsoft Corporation
taskeng.exe 1504 Task Scheduler Engine Microsoft Corporation
svchost.exe 1324 Host Process for Windows Services Microsoft Corporation
SLsvc.exe 1364 Microsoft Software Licensing Service Microsoft Corporation
svchost.exe 1404 Host Process for Windows Services Microsoft Corporation
svchost.exe 1568 Host Process for Windows Services Microsoft Corporation
spoolsv.exe 1880 Spooler SubSystem App Microsoft Corporation
svchost.exe 1928 Host Process for Windows Services Microsoft Corporation
avgwdsvc.exe 2760 AVG Watchdog Service AVG Technologies CZ, s.r.o.
avgrsx.exe 3600 AVG Resident Shield Service AVG Technologies CZ, s.r.o.
SyncServicesBasics.exe 2796 Sync Windows Services Seagate Technology LLC
svchost.exe 2828 Host Process for Windows Services Microsoft Corporation
svchost.exe 2908 Host Process for Windows Services Microsoft Corporation
svchost.exe 3008 Host Process for Windows Services Microsoft Corporation
svchost.exe 3068 Host Process for Windows Services Microsoft Corporation
svchost.exe 3688 Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 3756 0.77 Microsoft Windows Search Indexer Microsoft Corporation
SearchProtocolHost.exe 2388 Microsoft Windows Search Protocol Host Microsoft Corporation
SearchFilterHost.exe 4320 Microsoft Windows Search Filter Host Microsoft Corporation
FXSSVC.exe 3888 Fax Service Microsoft Corporation
SDWinSec.exe 2096 Spybot-S&D Security Center integration Safer Networking Ltd.
wmpnetwk.exe 1044 Windows Media Player Network Sharing Service Microsoft Corporation
usnsvc.exe 5604 Messenger Sharing USN Journal Reader Service Microsoft Corporation
ServiceLayer.exe 2532 ServiceLayer Module Nokia.
NclUSBSrv.exe 4120 NclUSBSrv Application
NclRSSrv.exe 5968 NclRSSrv Application
lsass.exe 676 Local Security Authority Process Microsoft Corporation
lsm.exe 684 Local Session Manager Service Microsoft Corporation
csrss.exe 588 Client Server Runtime Process Microsoft Corporation
winlogon.exe 816 Windows Logon Application Microsoft Corporation
explorer.exe 4816 Windows Explorer Microsoft Corporation
procexp.exe 5760 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
MSASCui.exe 2220 Windows Defender User Interface Microsoft Corporation
RtHDVCpl.exe 2228 HD Audio Control Panel Realtek Semiconductor
jusched.exe 2244 Java™ Platform SE binary Sun Microsystems, Inc.
avgtray.exe 2268 AVG Tray Monitor AVG Technologies CZ, s.r.o.
MaxMenuMgrBasics.exe 2276 Maxtor Status Icon Maxtor Corporation
sm56hlpr.exe 2340 Motorola SM56 Win32 Utility Motorola Inc.
rundll32.exe 2360 Windows host process (Rundll32) Microsoft Corporation
sidebar.exe 2428 Windows Sidebar Microsoft Corporation
sidebar.exe 3512 Windows Sidebar Microsoft Corporation
ehtray.exe 2500 Media Center Tray Applet Microsoft Corporation
TeaTimer.exe 2540 System settings protector Safer Networking Limited
wmpnscfg.exe 2560 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
SetPoint.exe 2576 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc.
KHALMNPR.exe 2976 Logitech KHAL Main Process Logitech, Inc.
conime.exe 4176 Console IME Microsoft Corporation
conime.exe 4836 Console IME Microsoft Corporation
avant.exe 3776 Avant Browser Avant Force
emule.exe 3712 1.55 eMule http://www.emule-project.net
bsplayer.exe 5420 BSPlayer AB Team
  • 0

#10
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Somehow your log has been cut off.. please attach the file here..
  • 0

#11
fagag

fagag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Process PID CPU Description Company Name
System Idle Process 0 46.52
Interrupts n/a 25.59 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 456 Windows Session Manager Microsoft Corporation
csrss.exe 524 Client Server Runtime Process Microsoft Corporation
wininit.exe 576 Windows Start-Up Application Microsoft Corporation
services.exe 628 Services and Controller app Microsoft Corporation
svchost.exe 888 Host Process for Windows Services Microsoft Corporation
ehmsas.exe 2608 Media Center Media Status Aggregator Service Microsoft Corporation
unsecapp.exe 1608 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
WmiPrvSE.exe 3484 WMI Provider Host Microsoft Corporation
nvvsvc.exe 936 NVIDIA Driver Helper Service, Version 175.19 NVIDIA Corporation
rundll32.exe 1452 Windows host process (Rundll32) Microsoft Corporation
svchost.exe 964 Host Process for Windows Services Microsoft Corporation
svchost.exe 1004 Host Process for Windows Services Microsoft Corporation
Ati2evxx.exe 1096 ATI External Event Utility EXE Module ATI Technologies Inc.
Ati2evxx.exe 1652 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 1112 Host Process for Windows Services Microsoft Corporation
audiodg.exe 1276 Windows Audio Device Graph Isolation Microsoft Corporation
svchost.exe 1144 Host Process for Windows Services Microsoft Corporation
dwm.exe 204 1.55 Desktop Window Manager Microsoft Corporation
svchost.exe 1160 0.78 Host Process for Windows Services Microsoft Corporation
taskeng.exe 2012 Task Scheduler Engine Microsoft Corporation
taskeng.exe 1504 Task Scheduler Engine Microsoft Corporation
svchost.exe 1324 Host Process for Windows Services Microsoft Corporation
SLsvc.exe 1364 Microsoft Software Licensing Service Microsoft Corporation
svchost.exe 1404 Host Process for Windows Services Microsoft Corporation
svchost.exe 1568 Host Process for Windows Services Microsoft Corporation
spoolsv.exe 1880 Spooler SubSystem App Microsoft Corporation
svchost.exe 1928 Host Process for Windows Services Microsoft Corporation
avgwdsvc.exe 2760 AVG Watchdog Service AVG Technologies CZ, s.r.o.
avgrsx.exe 3600 19.38 AVG Resident Shield Service AVG Technologies CZ, s.r.o.
SyncServicesBasics.exe 2796 Sync Windows Services Seagate Technology LLC
svchost.exe 2828 Host Process for Windows Services Microsoft Corporation
svchost.exe 2908 Host Process for Windows Services Microsoft Corporation
svchost.exe 3008 Host Process for Windows Services Microsoft Corporation
svchost.exe 3068 Host Process for Windows Services Microsoft Corporation
svchost.exe 3688 Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 3756 Microsoft Windows Search Indexer Microsoft Corporation
FXSSVC.exe 3888 Fax Service Microsoft Corporation
SDWinSec.exe 2096 Spybot-S&D Security Center integration Safer Networking Ltd.
wmpnetwk.exe 1044 Windows Media Player Network Sharing Service Microsoft Corporation
usnsvc.exe 5604 Messenger Sharing USN Journal Reader Service Microsoft Corporation
ServiceLayer.exe 2532 ServiceLayer Module Nokia.
NclUSBSrv.exe 4120 NclUSBSrv Application
NclRSSrv.exe 5968 NclRSSrv Application
lsass.exe 676 Local Security Authority Process Microsoft Corporation
lsm.exe 684 Local Session Manager Service Microsoft Corporation
csrss.exe 588 Client Server Runtime Process Microsoft Corporation
winlogon.exe 816 Windows Logon Application Microsoft Corporation
explorer.exe 4816 3.10 Windows Explorer Microsoft Corporation
procexp.exe 6040 0.78 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
MSASCui.exe 2220 Windows Defender User Interface Microsoft Corporation
RtHDVCpl.exe 2228 HD Audio Control Panel Realtek Semiconductor
jusched.exe 2244 Java™ Platform SE binary Sun Microsystems, Inc.
avgtray.exe 2268 AVG Tray Monitor AVG Technologies CZ, s.r.o.
MaxMenuMgrBasics.exe 2276 Maxtor Status Icon Maxtor Corporation
sm56hlpr.exe 2340 Motorola SM56 Win32 Utility Motorola Inc.
rundll32.exe 2360 Windows host process (Rundll32) Microsoft Corporation
sidebar.exe 2428 Windows Sidebar Microsoft Corporation
sidebar.exe 3512 Windows Sidebar Microsoft Corporation
ehtray.exe 2500 Media Center Tray Applet Microsoft Corporation
TeaTimer.exe 2540 System settings protector Safer Networking Limited
wmpnscfg.exe 2560 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
SetPoint.exe 2576 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc.
KHALMNPR.exe 2976 Logitech KHAL Main Process Logitech, Inc.
conime.exe 4176 Console IME Microsoft Corporation
conime.exe 4836 Console IME Microsoft Corporation
avant.exe 3776 Avant Browser Avant Force
emule.exe 3712 1.55 eMule http://www.emule-project.net
bsplayer.exe 5420 BSPlayer AB Team
  • 0

#12
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, from your Process Explorer log, I determine these processes are the main culprits for your CPU usage..

Interrupts n/a 25.59 Hardware Interrupts
avgrsx.exe 3600 19.38 AVG Resident Shield Service AVG Technologies CZ, s.r.o.
System Idle Process 0 46.52



System Idle Process means the percentage of your CPU that was idle at the time Process Explorer was running (which is 46%)

And your AVG Resident Shield somehow took up 19% of CPU utilization..

And Hardware Interrupts eat about 25% of CPU utilization..

About your Hardware Interrupts issues, I suggest you to go to either our Vista Forum or our Hardware Forum


Tell them about your problem and mention that I sent you there...

Show them the Process Explorer log if they ask...


Regards
fenzodahl512



Edited by fenzodahl512, 12 July 2008 - 12:16 PM.

  • 0
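To make the reading above repeatable on another machine's export, here is an added Python example (not from this thread, and not a Sysinternals tool) that parses the text written by Process Explorer's File >> Save As, as requested in post #8, and splits the CPU budget the way post #12 reads it: the System Idle Process row is the unused share, Interrupts and DPCs are kernel time charged to no process, and the remaining rows are real processes ranked by their CPU column. It assumes the export is tab-separated with the five headers "Process", "PID", "CPU", "Description", "Company Name" seen in the posted log; the sample lines are constructed from that log, not a real capture. It also lists real processes with an empty Company Name, which is where a defender would look first before deciding a process is benign.

```python
"""Rank CPU consumers in a Process Explorer 'File >> Save As' text export.

Added example; assumes the export is tab-separated with the header
"Process, PID, CPU, Description, Company Name" seen in the thread.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the log posted in this thread (a subset of
# rows; tab-separated as Process Explorer writes it). Not a real capture.
SAMPLE_EXPORT = "\n".join([
    "Process\tPID\tCPU\tDescription\tCompany Name",
    "System Idle Process\t0\t46.52\t\t",
    "Interrupts\tn/a\t25.59\tHardware Interrupts\t",
    "DPCs\tn/a\t\tDeferred Procedure Calls\t",
    "System\t4\t\t\t",
    "  dwm.exe\t204\t1.55\tDesktop Window Manager\tMicrosoft Corporation",
    "  svchost.exe\t1160\t0.78\tHost Process for Windows Services\tMicrosoft Corporation",
    "  avgrsx.exe\t3600\t19.38\tAVG Resident Shield Service\tAVG Technologies CZ, s.r.o.",
    "  NclUSBSrv.exe\t4120\t\tNclUSBSrv Application\t",
    "explorer.exe\t4816\t3.10\tWindows Explorer\tMicrosoft Corporation",
    "  procexp.exe\t6040\t0.78\tSysinternals Process Explorer\tSysinternals - www.sysinternals.com",
    "  emule.exe\t3712\t1.55\teMule\thttp://www.emule-project.net",
])

# Pseudo-rows Process Explorer lists that are not real processes.
IDLE = "System Idle Process"
KERNEL_TIME = ("Interrupts", "DPCs")


@dataclass
class Row:
    name: str
    pid: Optional[int]      # None for the "n/a" pseudo-rows
    cpu: float              # 0.0 when the CPU column is blank
    description: str
    company: str


def parse_export(text: str) -> List[Row]:
    """Parse the tab-separated export into rows, locating columns by header name."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    col = {name.strip(): i for i, name in enumerate(header)}
    rows: List[Row] = []
    for line in lines[1:]:
        cells = line.split("\t")
        cells += [""] * (len(header) - len(cells))  # tolerate trimmed trailing tabs
        pid_txt = cells[col["PID"]].strip()
        cpu_txt = cells[col["CPU"]].strip()
        rows.append(Row(
            name=cells[col["Process"]].strip(),   # strip the tree-view indent
            pid=int(pid_txt) if pid_txt.isdigit() else None,
            cpu=float(cpu_txt) if cpu_txt else 0.0,
            description=cells[col["Description"]].strip(),
            company=cells[col["Company Name"]].strip(),
        ))
    return rows


def summarize(rows: List[Row], top_n: int = 3) -> Dict[str, object]:
    """Split the CPU budget as the thread reads it: idle share, kernel time
    outside any process (Interrupts + DPCs), and the busiest real processes."""
    idle = sum(r.cpu for r in rows if r.name == IDLE)
    kernel = sum(r.cpu for r in rows if r.name in KERNEL_TIME)
    real = [r for r in rows if r.name != IDLE and r.name not in KERNEL_TIME]
    real.sort(key=lambda r: r.cpu, reverse=True)   # stable: ties keep export order
    return {
        "idle_pct": idle,
        "interrupts_dpcs_pct": kernel,
        "top": [(r.name, r.pid, r.cpu) for r in real[:top_n]],
    }


def unattributed(rows: List[Row]) -> List[str]:
    """Real processes with no Company Name: check their image path and
    signature before treating them as benign. Idle (PID 0), the pseudo-rows
    (no PID) and the kernel 'System' row (PID 4) are skipped."""
    return [r.name for r in rows
            if r.pid not in (None, 0, 4) and r.company == ""]


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    print(summarize(rows))
    print("no company name:", unattributed(rows))
```

On the posted log this ranks avgrsx.exe far ahead of everything else while a quarter of the CPU sits in Interrupts, which is exactly the split the reply above draws; the point of the script is that a high Interrupts or DPCs figure is not attributable to any process row and points at a driver or hardware problem rather than malware.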

#13
fagag

fagag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
OK, I posted my topic.
Thank you very much for all the help.

Should I uninstall AVG? Should I use a different anti-virus?
What about the infections that Kaspersky found? How can I fix them?

Thanks

jerby
  • 0

#14
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Oh.. the Kaspersky.. It only found one file.. Please delete this file manually...

D:\EMULE\Incoming\Spanish\Learn to speak English 9_by_amit133.rar



Not sure why your AVG behaves like that.. I don't ever advise you to uninstall it, but should you decide to, I suggest you replace it with ONLY ONE of the following free and excellent antiviruses below..




Anymore questions?
  • 0

#15
fagag

fagag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
OK, thank you very much for all the help.
  • 0





