Hi! Pls Help With Possible Pc Infection


  • This topic is locked
7 replies to this topic

#1 giadda

giadda

  • Members
  • 13 posts

Posted 09 May 2008 - 08:40 PM

Good morning MODs :thumbsup: this is my first time posting a query regarding PC problems. I've read the PREP GUIDE, so I hope I won't be much of a time waster. I am posting as specifically as possible if it helps :)


FIRST, I started to worry for a possible infection when my PC rebooted requiring me to LOG ON. I've always set my settings to AutoLogON (as I'm the only one using the PC) which made me suspect a possible infection. I've never made another "User Account".

SECOND, since I suspected a possible infection I had my Ad-Watch do a full system scan and found this..


I checked for advice here and these are the things I have done so far..
1. I've checked if there is a Winiogon.exe infection, and found none so far.
2. I've checked each of the TaskManager processes and referenced for possible trojans.
3. Due to the Ad-Watch log, I uninstalled QuickTime but still get the qttask.exe -atboottime thing.

Since I'm still sensing an infection (somewhere), I decided to do a System Restore. When I checked my Restore Points, I found this..


I panicked upon seeing the 10:18:04 AM entry since it doesn't contain a filename.. So I restored to the 3rd of May, but when I rebooted, it was as if there had been no restore at all :thumbsup:

LASTLY, I connect to the NET through a network, so I'm thinking I might have been infected by accessing some of the shared files. :)

SO! I downloaded your DSS scanner and allowed it to install HiJack.. I'm posting the main.txt here.. Unfortunately, I had problems with the Kaspersky Online Scanner as it showed this prompt, even though I was running at 575.8 kbps..



I hope my concern would be given consideration :thumbsup:

Thanks in advance,

G


Attached File: extra.txt (16.82KB, 42 downloads)

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-10 08:23:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
157: 2008-05-10 00:23:46 UTC - RP157 - Deckard's System Scanner Restore Point
156: 2008-05-09 23:32:58 UTC - RP156 - Restore Operation
155: 2008-05-09 17:04:33 UTC - RP155 - Software Distribution Service 3.0
154: 2008-05-09 16:30:30 UTC - RP154 - check
153: 2008-05-09 15:50:54 UTC - RP153 - Removed QuickTime


-- First Restore Point --
1: 2008-03-20 13:31:46 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:54 AM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210057984828
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7714 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

S3 npkcrypt - c:\windows\system32\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 npkcsvc - c:\windows\system32\npkcsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Service>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-05 20:00:00 638 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job


-- Files created between 2008-04-10 and 2008-05-10 -----------------------------

2008-05-10 08:32:21 0 d-------- C:\Program Files\Trend Micro
2008-05-10 07:54:55 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-10 07:54:54 0 d-------- C:\WINDOWS\LastGood
2008-05-10 07:36:42 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-10 07:36:19 0 d-------- C:\Program Files\ACW
2008-05-10 06:57:27 78516646 --a------ C:\RegBackUp.reg
2008-05-09 22:53:13 0 d--hs---- C:\WINDOWS\CSC
2008-05-08 17:57:36 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-08 17:55:58 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-05-08 17:46:39 0 d-------- C:\Program Files\Electronic Arts
2008-05-07 21:18:57 0 d-------- C:\WINDOWS\NV3152432.TMP
2008-05-07 21:17:42 0 d-------- C:\NVIDIA
2008-05-07 13:45:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-05-07 13:45:37 0 d-------- C:\Program Files\Lavasoft
2008-05-07 10:18:04 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-06 17:36:46 0 d-------- C:\Program Files\Valve
2008-05-06 15:13:17 0 d-------- C:\WINDOWS\Sun
2008-05-06 15:00:52 0 d-------- C:\WINDOWS\network diagnostic
2008-05-06 14:54:11 0 d-------- C:\Program Files\Java
2008-05-06 14:54:10 0 d-------- C:\Program Files\Common Files\Java
2008-05-06 14:53:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-06 14:23:35 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-06 07:58:13 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-06 07:45:40 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-05 22:04:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-05-03 20:19:09 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-03 19:48:08 153312 --a------ C:\WINDOWS\system\TYPELIB.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:08 157184 --a------ C:\WINDOWS\system\STORAGE.DLL
2008-05-03 19:48:08 55808 --a------ C:\WINDOWS\system\OLE2PROX.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:08 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-03 19:48:07 147440 --a------ C:\WINDOWS\system\OLE2NLS.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 98336 --a------ C:\WINDOWS\system\OLE2DISP.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 57328 --a------ C:\WINDOWS\system\OLE2CONV.DLL <Not Verified; Microsoft Corporation; Microsoft Graphic Filters>
2008-05-03 19:48:07 24606 --a------ C:\WINDOWS\system\OLE2.REG
2008-05-03 19:48:07 313344 --a------ C:\WINDOWS\system\OLE2.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 49616 --a------ C:\WINDOWS\system\MSACM.DLL <Not Verified; Microsoft Corporation; Microsoft Audio Compression Manager>
2008-05-03 19:48:07 49728 --a------ C:\WINDOWS\system\IYVU9.DLL
2008-05-03 19:48:06 151040 --a------ C:\WINDOWS\system\IR32.DLL
2008-05-03 19:48:06 77664 --a------ C:\WINDOWS\system\IR21_R.DLL
2008-05-03 19:48:06 7168 --a------ C:\WINDOWS\system\DISPDIB.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-03 19:48:06 14208 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-05-03 19:48:06 102400 --a------ C:\WINDOWS\system\COMPOBJ.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:06 87 --a------ C:\WINDOWS\system\CLEANUP.REG
2008-05-03 19:48:06 12800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-03 19:48:05 398416 --a------ C:\WINDOWS\system\VBRUN300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2008-05-03 19:48:05 356992 --a------ C:\WINDOWS\system\VBRUN200.DLL <Not Verified; Microsoft Corporation; Visual Basic 2.0>
2008-05-03 19:48:05 124832 --a------ C:\WINDOWS\system\MFCO250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2008-05-03 19:48:05 51440 --a------ C:\WINDOWS\system\MFCD250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2008-05-03 19:48:05 298512 --a------ C:\WINDOWS\system\MFC250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2008-05-03 19:48:05 21648 --a------ C:\WINDOWS\system\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-05-03 19:48:05 0 d-------- C:\MOSBY
2008-05-03 16:07:56 6029312 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-05-03 15:23:50 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-05-03 15:23:10 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-05-03 12:49:50 0 d-------- C:\Program Files\Dragonfly
2008-05-03 12:45:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-03 11:43:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-03 11:43:53 461856 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-03 11:43:53 9162528 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-03 11:43:53 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-27 15:29:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Recisio
2008-04-27 15:29:09 0 d-------- C:\Program Files\KaraFun
2008-04-27 14:32:03 0 d-------- C:\Program Files\Activision
2008-04-27 14:29:38 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-27 14:24:50 0 d-------- C:\Program Files\PowerISO
2008-04-24 08:29:14 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-04-22 14:31:18 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-04-20 15:00:48 0 dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-04-20 13:33:50 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-04-20 08:30:07 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-20 08:30:04 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-20 01:39:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-20 00:59:06 0 d-------- C:\Program Files\AMPED
2008-04-20 00:57:23 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-18 15:29:36 1001 --a------ C:\WINDOWS\eReg.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-10 07:35:36 0 d-------- C:\Program Files\Realtek
2008-05-10 07:34:44 0 d-------- C:\Program Files\EA GAMES
2008-05-07 10:20:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-07 10:20:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-06 14:54:10 0 d-------- C:\Program Files\Common Files
2008-05-04 22:05:05 40 --a------ C:\WINDOWS\popcinfo.dat
2008-05-04 15:21:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-03 12:24:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-02 07:11:22 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-24 08:30:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-04-24 08:25:37 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-22 22:56:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Wildfire
2008-04-20 08:50:10 0 dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo!
2008-04-20 01:39:58 0 d-------- C:\Program Files\Yahoo!
2008-04-18 10:17:55 1370 --a------ C:\WINDOWS\mozver.dat
2008-04-11 20:56:19 0 d-------- C:\Program Files\DivX
2008-04-08 14:02:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-08 09:55:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-04-04 21:11:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-04-01 05:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 05:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 05:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-04-01 05:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-04-01 05:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 23:19:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-03-31 23:18:31 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-31 23:18:28 0 d-------- C:\Program Files\Common Files\Real
2008-03-31 23:14:35 0 d-------- C:\Program Files\DAP
2008-03-31 23:06:51 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-03-28 21:58:37 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-28 21:39:15 0 d-------- C:\Program Files\Windows Desktop Search
2008-03-27 22:04:28 0 d-------- C:\Program Files\Real
2008-03-23 12:04:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-23 12:03:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-23 12:03:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-03-22 04:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-22 04:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-22 04:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-22 04:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-21 17:47:24 1756 --a------ C:\WINDOWS\EReg196.dat
2008-03-21 12:04:43 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-21 12:04:26 0 d-------- C:\Program Files\EPSON
2008-03-21 12:03:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-03-21 09:19:19 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-21 09:11:51 0 d-------- C:\Program Files\Nero
2008-03-21 05:18:26 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-21 05:18:22 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-03-21 05:18:01 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-03-21 02:42:00 4096 --a------ C:\WINDOWS\d3dx.dat
2008-03-21 01:31:02 0 d-------- C:\Program Files\Perfect World
2008-03-21 00:51:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-03-21 00:33:49 0 d-------- C:\Program Files\Microsoft Works
2008-03-21 00:33:44 0 d-------- C:\Program Files\MSBuild
2008-03-20 21:45:49 0 d-------- C:\Program Files\VDOTool
2008-03-20 21:34:55 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-20 21:34:12 0 d-------- C:\Program Files\Intel
2008-03-20 21:31:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-20 21:28:02 0 d-------- C:\Program Files\microsoft frontpage
2008-03-20 21:27:44 0 -rahs---- C:\MSDOS.SYS
2008-03-20 21:27:44 0 -rahs---- C:\IO.SYS
2008-03-20 21:27:44 0 --a------ C:\CONFIG.SYS
2008-03-20 21:27:44 0 --a------ C:\AUTOEXEC.BAT
2008-03-20 21:26:51 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-20 21:26:13 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-20 21:26:06 0 d-------- C:\Program Files\Movie Maker
2008-03-20 21:25:31 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-20 21:25:15 0 d-------- C:\Program Files\Online Services
2008-03-20 21:25:11 0 d-------- C:\Program Files\Messenger
2008-03-20 21:25:07 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-20 21:25:01 0 d-------- C:\Program Files\Windows NT
2008-03-05 18:07:48 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [03/24/2006 07:09 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/31/2008 11:18 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\Program Files\VDOTool\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\Autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-05-10 08:33:55 ------------
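As an added worked example (written for this thread; it is not part of the post, of HijackThis or of Deckard's System Scanner), the following Python parses the entry lines of a HijackThis log like the one above into records and applies the kind of review rules a helper applies by eye: O4 autostarts that point into a user-writable location or use a bare executable name, an O10 Winsock LSP the tool did not recognise, O16 ActiveX controls fetched from a web host, and O23 services with no recognised publisher. The sample input is constructed from lines copied out of the log above; the one `[Updater]` line is invented so the user-writable-location rule has something to fire on, and the `Temp`/`Application Data` directory names used by that rule are an assumption about where a review should look, not a finding from the log. A hit is a prompt for a closer look at the file, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: entry lines copied from the HijackThis section of
# the log above, plus ONE constructed line, "[Updater]", that is not on the
# page; it exists only so the user-writable-location rule has something to
# fire on.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\Administrator\Local Settings\Temp\updater.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Entry:
    code: str    # HijackThis section code, e.g. "O4" or "O23"
    detail: str  # everything after "<code> - "


@dataclass
class Finding:
    code: str
    name: str
    reason: str


# "<code> - <detail>"; running-process and header lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<detail>.+)$")
# O4 detail: HKLM\..\Run: [Name] command
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A quoted path, or an unquoted drive-letter path up to a binary extension
# (unquoted paths in these logs may contain spaces, so do not stop at whitespace).
PATH_RE = re.compile(r'"(?P<quoted>[^"]+)"|(?P<bare>[A-Za-z]:\\.+?\.(?:exe|dll|cpl|com|bat|scr))', re.IGNORECASE)
# Assumed set of directories a logged-on user can write to on Windows XP.
USER_WRITABLE_RE = re.compile(r"\\(?:Documents and Settings|Users|Temp|Application Data)\\", re.IGNORECASE)
URL_HOST_RE = re.compile(r"https?://([^/\s]+)")


def parse_hjt(text: str) -> List[Entry]:
    """Keep only the R/F/O entry lines of a HijackThis log."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("detail")))
    return entries


def extract_path(command: str) -> Optional[str]:
    """Return the first binary path in a Run command, or None for a bare name."""
    m = PATH_RE.search(command)
    if not m:
        return None
    return m.group("quoted") or m.group("bare")


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the review rules a helper would otherwise apply by eye."""
    findings: List[Finding] = []
    for e in entries:
        if e.code == "O4":
            m = RUN_RE.match(e.detail)
            if not m:
                continue
            name, path = m.group("name"), extract_path(m.group("cmd"))
            if path is None:
                findings.append(Finding("O4", name, "bare executable name, resolved through the search path at logon"))
            elif USER_WRITABLE_RE.search(path):
                findings.append(Finding("O4", name, f"autostart from a user-writable location: {path}"))
        elif e.code == "O10":
            findings.append(Finding("O10", e.detail.split(": ", 1)[-1], "Winsock LSP not recognised by HijackThis"))
        elif e.code == "O16":
            host = URL_HOST_RE.search(e.detail)
            label = re.search(r"\((?P<name>[^)]*)\)", e.detail)
            if host:
                findings.append(Finding("O16", label.group("name") if label else e.detail,
                                        f"ActiveX control downloaded from {host.group(1)}"))
        elif e.code == "O23" and " - Unknown owner - " in e.detail:
            service = e.detail.split(" - ", 1)[0].removeprefix("Service: ")
            findings.append(Finding("O23", service, "service binary with no recognised publisher"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.code:<4} {f.name:<35} {f.reason}")
```

Run against the sample, the script lists five entries for review: the `nwiz` autostart (bare name), the constructed `Updater` line (user-writable path), the `nwprovau.dll` LSP, the System Requirements Lab ActiveX control and the `PnkBstrA` service. The Kaspersky, NVIDIA, QuickTime and ctfmon entries pass every rule, which is the point: the rules cut the log down to what a human still has to judge.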

#2 giadda

giadda
  • Topic Starter

  • Members
  • 13 posts

Posted 14 May 2008 - 08:47 AM

Good evening everyone :)

I just wanted to inform you that my PC is slightly faster since I removed my Ad-Aware.. I think it consumed too many system resources or something.. BTW, I also replaced my Kaspersky v6.0 with v7.0, still on trial version ^.^

Anyway, I just wanted to post my latest DSS logs since I've been encountering notifications from Kaspersky regarding password protected files or whatever :thumbsup:

Reason for edit:
I'm also attaching a copy of those PW protected files (just in case)
Attached File: scanresults_on_driveE.txt (297.86KB, 39 downloads)


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-14 21:33:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:22 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210057984828
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8153 bytes

-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-13 15:15:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-05-13 15:12:22 63488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys <Not Verified; National Semiconductor Sweden AB; National Semiconductor Sweden AB BlueCard PCMCIA driver>
2008-05-13 15:12:22 48556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
2008-05-13 15:12:22 77824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll <Not Verified; Socket Communications Inc.; 16C950>
2008-05-13 15:12:21 48076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
2008-05-13 15:12:21 40960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe <Not Verified; Socket Communications Inc.; SCTray>
2008-05-13 15:12:21 51169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS <Not Verified; OEM; OX16C95x>
2008-05-13 15:12:00 11736 --a------ C:\WINDOWS\system32\drivers\VHIDMini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>
2008-05-13 15:12:00 82148 --a------ C:\WINDOWS\system32\drivers\VcommMgr.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:12:00 61312 --a------ C:\WINDOWS\system32\drivers\VComm.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:12:00 11860 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys
2008-05-13 15:12:00 116021 --a------ C:\WINDOWS\system32\drivers\fw203x.sys <Not Verified; Broadcom; >
2008-05-13 15:12:00 13304 --a------ C:\WINDOWS\system32\drivers\BTNetFilter.sys
2008-05-13 15:12:00 10804 --a------ C:\WINDOWS\system32\drivers\BtNetDrv.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:12:00 28271 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
2008-05-13 15:12:00 20480 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
2008-05-13 15:11:59 23000 --a------ C:\WINDOWS\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
2008-05-13 15:11:59 7680 --a------ C:\WINDOWS\system32\btinstall.dll <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:11:59 49152 --a------ C:\WINDOWS\system32\btfunc.dll <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:11:59 0 d-------- C:\Program Files\IVT Corporation
2008-05-11 23:44:38 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-10 19:06:48 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-10 19:06:48 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-10 18:49:53 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-10 18:48:51 0 d-------- C:\Program Files\ACW
2008-05-10 18:48:18 0 d-------- C:\WINDOWS\nview
2008-05-10 18:39:26 81696 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-10 18:39:26 6632224 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-10 18:33:58 0 d-------- C:\Program Files\SpeedBit Video Accelerator
2008-05-10 18:32:51 0 d-------- C:\Program Files\Kaspersky Lab
2008-05-10 17:58:23 0 d-------- C:\WINDOWS\NV26682672.TMP
2008-05-10 17:49:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-05-10 17:49:05 0 d-------- C:\WINDOWS\Sun
2008-05-10 17:48:40 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-10 17:48:40 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-10 17:48:39 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-10 17:48:22 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-10 17:48:21 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-10 17:47:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-10 17:47:21 0 d--hs---- C:\WINDOWS\ftpcache
2008-05-10 17:46:40 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-10 17:46:37 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-10 17:46:37 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-05-10 17:46:04 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-10 14:17:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-10 14:17:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 10:10:57 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-05-10 09:57:15 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-10 09:55:44 0 d-------- C:\WINDOWS\Internet Logs
2008-05-10 08:32:21 0 d-------- C:\Program Files\Trend Micro
2008-05-10 06:57:27 78516646 --a------ C:\RegBackUp.reg
2008-05-09 22:53:13 0 d--hs---- C:\WINDOWS\CSC
2008-05-08 17:57:36 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-08 17:55:58 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-05-08 17:46:39 0 d-------- C:\Program Files\Electronic Arts
2008-05-07 21:48:00 6553600 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-05-07 21:18:57 0 d-------- C:\WINDOWS\NV3152432.TMP
2008-05-07 21:17:42 0 d-------- C:\NVIDIA
2008-05-07 10:18:04 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-06 17:36:46 0 d-------- C:\Program Files\Valve
2008-05-06 15:00:52 0 d-------- C:\WINDOWS\network diagnostic
2008-05-06 14:54:11 0 d-------- C:\Program Files\Java
2008-05-06 14:54:10 0 d-------- C:\Program Files\Common Files\Java
2008-05-06 14:53:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-05 22:04:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-05-03 19:48:08 153312 --a------ C:\WINDOWS\system\TYPELIB.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:08 157184 --a------ C:\WINDOWS\system\STORAGE.DLL
2008-05-03 19:48:08 55808 --a------ C:\WINDOWS\system\OLE2PROX.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 147440 --a------ C:\WINDOWS\system\OLE2NLS.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 98336 --a------ C:\WINDOWS\system\OLE2DISP.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 57328 --a------ C:\WINDOWS\system\OLE2CONV.DLL <Not Verified; Microsoft Corporation; Microsoft Graphic Filters>
2008-05-03 19:48:07 24606 --a------ C:\WINDOWS\system\OLE2.REG
2008-05-03 19:48:07 313344 --a------ C:\WINDOWS\system\OLE2.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 49616 --a------ C:\WINDOWS\system\MSACM.DLL <Not Verified; Microsoft Corporation; Microsoft Audio Compression Manager>
2008-05-03 19:48:07 49728 --a------ C:\WINDOWS\system\IYVU9.DLL
2008-05-03 19:48:06 151040 --a------ C:\WINDOWS\system\IR32.DLL
2008-05-03 19:48:06 77664 --a------ C:\WINDOWS\system\IR21_R.DLL
2008-05-03 19:48:06 7168 --a------ C:\WINDOWS\system\DISPDIB.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-03 19:48:06 14208 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-05-03 19:48:06 102400 --a------ C:\WINDOWS\system\COMPOBJ.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:06 87 --a------ C:\WINDOWS\system\CLEANUP.REG
2008-05-03 19:48:06 12800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-03 19:48:05 398416 --a------ C:\WINDOWS\system\VBRUN300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2008-05-03 19:48:05 356992 --a------ C:\WINDOWS\system\VBRUN200.DLL <Not Verified; Microsoft Corporation; Visual Basic 2.0>
2008-05-03 19:48:05 124832 --a------ C:\WINDOWS\system\MFCO250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2008-05-03 19:48:05 51440 --a------ C:\WINDOWS\system\MFCD250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2008-05-03 19:48:05 298512 --a------ C:\WINDOWS\system\MFC250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2008-05-03 19:48:05 21648 --a------ C:\WINDOWS\system\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-05-03 19:48:05 0 d-------- C:\MOSBY
2008-05-03 15:23:50 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-05-03 15:23:10 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-05-03 12:49:50 0 d-------- C:\Program Files\Dragonfly
2008-05-03 11:43:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-27 15:29:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Recisio
2008-04-27 15:29:09 0 d-------- C:\Program Files\KaraFun
2008-04-27 14:32:03 0 d-------- C:\Program Files\Activision
2008-04-27 14:24:50 0 d-------- C:\Program Files\PowerISO
2008-04-24 08:29:14 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-04-20 15:00:48 0 dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-04-20 08:30:04 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-20 01:39:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-18 15:29:36 1001 --a------ C:\WINDOWS\eReg.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-14 07:24:24 40 --a------ C:\WINDOWS\popcinfo.dat
2008-05-13 15:11:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 15:11:47 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-10 18:48:35 0 d-------- C:\Program Files\EA GAMES
2008-05-10 18:35:09 0 d-------- C:\Program Files\Realtek
2008-05-10 17:48:42 0 d-------- C:\Program Files\Common Files
2008-05-10 17:47:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-10 17:47:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-10 17:46:37 0 dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo!
2008-05-10 17:45:55 0 d-------- C:\Program Files\DivX
2008-05-07 10:20:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-07 10:20:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-24 08:30:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-04-24 08:25:37 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-22 22:56:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Wildfire
2008-04-20 01:39:58 0 d-------- C:\Program Files\Yahoo!
2008-04-18 10:17:55 1370 --a------ C:\WINDOWS\mozver.dat
2008-04-08 14:02:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-08 09:55:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-04-04 21:11:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-04-01 05:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 05:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 05:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-04-01 05:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-04-01 05:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 23:19:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-03-31 23:18:31 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-31 23:18:28 0 d-------- C:\Program Files\Common Files\Real
2008-03-31 23:14:35 0 d-------- C:\Program Files\DAP
2008-03-31 23:06:51 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-03-28 21:58:37 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-28 21:39:15 0 d-------- C:\Program Files\Windows Desktop Search
2008-03-27 22:04:28 0 d-------- C:\Program Files\Real
2008-03-23 12:04:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-23 12:03:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-23 12:03:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-03-22 04:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-22 04:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-22 04:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-22 04:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-21 17:47:24 1756 --a------ C:\WINDOWS\EReg196.dat
2008-03-21 12:04:26 0 d-------- C:\Program Files\EPSON
2008-03-21 12:03:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-03-21 09:19:19 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-21 09:11:51 0 d-------- C:\Program Files\Nero
2008-03-21 05:18:26 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-21 05:18:22 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-03-21 05:18:01 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-03-21 02:42:00 4096 --a------ C:\WINDOWS\d3dx.dat
2008-03-21 01:31:02 0 d-------- C:\Program Files\Perfect World
2008-03-21 00:51:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-03-21 00:33:49 0 d-------- C:\Program Files\Microsoft Works
2008-03-21 00:33:44 0 d-------- C:\Program Files\MSBuild
2008-03-20 21:45:49 0 d-------- C:\Program Files\VDOTool
2008-03-20 21:34:55 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-20 21:34:12 0 d-------- C:\Program Files\Intel
2008-03-20 21:31:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-20 21:28:02 0 d-------- C:\Program Files\microsoft frontpage
2008-03-20 21:27:44 0 -rahs---- C:\MSDOS.SYS
2008-03-20 21:27:44 0 -rahs---- C:\IO.SYS
2008-03-20 21:27:44 0 --a------ C:\CONFIG.SYS
2008-03-20 21:27:44 0 --a------ C:\AUTOEXEC.BAT
2008-03-20 21:26:51 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-20 21:26:13 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-20 21:26:06 0 d-------- C:\Program Files\Movie Maker
2008-03-20 21:25:31 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-20 21:25:15 0 d-------- C:\Program Files\Online Services
2008-03-20 21:25:11 0 d-------- C:\Program Files\Messenger
2008-03-20 21:25:07 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-20 21:25:01 0 d-------- C:\Program Files\Windows NT
2008-03-05 18:07:48 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/31/2008 11:18 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [5/13/2008 3:12:01 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\Program Files\VDOTool\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\Autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-05-14 21:36:47 ------------

Edited by giadda, 14 May 2008 - 09:00 AM.


#3 giadda

giadda
  • Topic Starter
  • Members
  • 13 posts

Posted 15 May 2008 - 10:11 AM

Hi again, and I'm sorry to be constantly updating my logs :thumbsup: (I just don't want to post another topic because I know that's against forum rules or something).

I'm just a bit worried because my Kaspersky AV prompted me a while ago regarding a possible Heur.Trojan and Spy.Win.32.Banker.fzf virus infection. I had it deleted promptly, but I am worried that it caused system damage or something because my PC suddenly froze, prompted me with a blue screen (which disappeared before I could read anything) and then restarted.

I am posting my HijackThis log in the hope that someone could help me with a possible problem or reassure me that nothing's wrong.

Panda Online Scan : no malicious items
Malwarebytes : no malicious items


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:08 PM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210057984828
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8101 bytes

#4 Guest_White Warrior_*


Posted 27 May 2008 - 12:38 AM

Hello giadda

Welcome to Bleeping Computer!

Sorry about the delay. We're all volunteers here, and it's been very busy.

If you still need help, please post a new DSS.scan report to make sure nothing has changed.
Please post only the main.txt report, and I'll be happy to take a look at it for you.

Thank you for your patience.



White Warrior

#5 giadda

  • Topic Starter

Posted 30 May 2008 - 12:06 AM

Hi :thumbsup: thanks for the response ^^ It's okay, I understand completely ^^

I'd really appreciate any help I could get. I'm not sure whether or not I have an infection, but my PC certainly is quite sluggish, spiking up to 60%+ CPU usage. Here's the recent main.txt as requested :)


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-30 13:01:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:07 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\DURIE\DURIE.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RapidShare-Download - res://D:\Program Files\RapidShare\RapidShare - the way YOU like it!\RapidShare - the way YOU like it!\more-rapid.exe/RsMenExt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210057984828
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8515 bytes

-- Files created between 2008-04-30 and 2008-05-30 -----------------------------

2008-05-30 12:38:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-05-30 12:38:51 0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-05-30 01:25:14 0 d-------- C:\Program Files\MegauploadToolbar
2008-05-30 01:25:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\MegauploadToolbar
2008-05-30 00:09:08 0 d-------- C:\Program Files\Free Download Manager
2008-05-29 14:00:45 0 d-------- C:\logs
2008-05-29 14:00:44 0 d-------- C:\Documents and Settings\Administrator\ChikkaDefault
2008-05-29 14:00:17 0 d-------- C:\Program Files\Chikka Messenger
2008-05-27 13:13:12 0 d-------- C:\Program Files\Trend Micro
2008-05-27 12:07:57 262144 --a------ C:\ntuser.dat
2008-05-22 15:47:57 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-22 12:59:02 0 d-------- C:\Program Files\DURIE
2008-05-22 10:43:47 68096 --a------ C:\WINDOWS\zip.exe
2008-05-22 10:43:47 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-22 10:43:47 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-22 10:43:47 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-22 10:43:47 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-22 10:43:47 98816 --a------ C:\WINDOWS\sed.exe
2008-05-22 10:43:47 80412 --a------ C:\WINDOWS\grep.exe
2008-05-22 10:43:47 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-20 16:10:37 0 d--h----- C:\WINDOWS\PIF
2008-05-20 16:08:37 155648 --a------ C:\WINDOWS\system32\libssl32.dll
2008-05-18 19:43:43 0 d--hs---- C:\found.000
2008-05-16 09:14:57 0 d-------- C:\WINDOWS\Caps
2008-05-15 18:22:07 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-15 18:22:07 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-15 18:21:36 539936 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-15 18:21:36 11656992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-15 18:21:36 0 d-------- C:\Program Files\Kaspersky Lab
2008-05-15 16:13:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\DMCache
2008-05-15 00:20:40 0 d-------- C:\Program Files\Panda Security
2008-05-14 22:12:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-13 15:15:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-05-13 15:12:22 63488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys <Not Verified; National Semiconductor Sweden AB; National Semiconductor Sweden AB BlueCard PCMCIA driver>
2008-05-13 15:12:22 48556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
2008-05-13 15:12:22 77824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll <Not Verified; Socket Communications Inc.; 16C950>
2008-05-13 15:12:21 48076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
2008-05-13 15:12:21 40960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe <Not Verified; Socket Communications Inc.; SCTray>
2008-05-13 15:12:21 51169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS <Not Verified; OEM; OX16C95x>
2008-05-13 15:12:00 11736 --a------ C:\WINDOWS\system32\drivers\VHIDMini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>
2008-05-13 15:12:00 82148 --a------ C:\WINDOWS\system32\drivers\VcommMgr.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:12:00 61312 --a------ C:\WINDOWS\system32\drivers\VComm.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:12:00 11860 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys
2008-05-13 15:12:00 116021 --a------ C:\WINDOWS\system32\drivers\fw203x.sys <Not Verified; Broadcom; >
2008-05-13 15:12:00 13304 --a------ C:\WINDOWS\system32\drivers\BTNetFilter.sys
2008-05-13 15:12:00 10804 --a------ C:\WINDOWS\system32\drivers\BtNetDrv.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:12:00 28271 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
2008-05-13 15:12:00 20480 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
2008-05-13 15:11:59 23000 --a------ C:\WINDOWS\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
2008-05-13 15:11:59 7680 --a------ C:\WINDOWS\system32\btinstall.dll <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:11:59 49152 --a------ C:\WINDOWS\system32\btfunc.dll <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:11:59 0 d-------- C:\Program Files\IVT Corporation
2008-05-11 23:44:38 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-10 18:49:53 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-10 18:48:51 0 d-------- C:\Program Files\ACW
2008-05-10 18:48:18 0 d-------- C:\WINDOWS\nview
2008-05-10 17:58:23 0 d-------- C:\WINDOWS\NV26682672.TMP
2008-05-10 17:49:05 0 d-------- C:\WINDOWS\Sun
2008-05-10 17:48:40 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-10 17:48:40 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-10 17:48:39 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-10 17:48:21 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-10 17:47:21 0 d--hs---- C:\WINDOWS\ftpcache
2008-05-10 17:46:40 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-10 17:46:37 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-10 17:46:37 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-05-10 17:46:04 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-10 14:17:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-10 14:17:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 09:57:15 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-10 09:55:44 0 d-------- C:\WINDOWS\Internet Logs
2008-05-09 22:53:13 0 d--hs---- C:\WINDOWS\CSC
2008-05-08 17:57:36 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-07 21:48:00 7602176 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-05-07 21:18:57 0 d-------- C:\WINDOWS\NV3152432.TMP
2008-05-07 21:17:42 0 d-------- C:\NVIDIA
2008-05-07 10:18:04 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-06 17:36:46 0 d-------- C:\Program Files\Valve
2008-05-06 15:00:52 0 d-------- C:\WINDOWS\network diagnostic
2008-05-06 14:54:11 0 d-------- C:\Program Files\Java
2008-05-06 14:54:10 0 d-------- C:\Program Files\Common Files\Java
2008-05-06 14:53:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-03 19:48:08 153312 --a------ C:\WINDOWS\system\TYPELIB.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:08 157184 --a------ C:\WINDOWS\system\STORAGE.DLL
2008-05-03 19:48:08 55808 --a------ C:\WINDOWS\system\OLE2PROX.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 147440 --a------ C:\WINDOWS\system\OLE2NLS.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 98336 --a------ C:\WINDOWS\system\OLE2DISP.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 57328 --a------ C:\WINDOWS\system\OLE2CONV.DLL <Not Verified; Microsoft Corporation; Microsoft Graphic Filters>
2008-05-03 19:48:07 24606 --a------ C:\WINDOWS\system\OLE2.REG
2008-05-03 19:48:07 313344 --a------ C:\WINDOWS\system\OLE2.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 49616 --a------ C:\WINDOWS\system\MSACM.DLL <Not Verified; Microsoft Corporation; Microsoft Audio Compression Manager>
2008-05-03 19:48:07 49728 --a------ C:\WINDOWS\system\IYVU9.DLL
2008-05-03 19:48:06 151040 --a------ C:\WINDOWS\system\IR32.DLL
2008-05-03 19:48:06 77664 --a------ C:\WINDOWS\system\IR21_R.DLL
2008-05-03 19:48:06 7168 --a------ C:\WINDOWS\system\DISPDIB.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-03 19:48:06 14208 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-05-03 19:48:06 102400 --a------ C:\WINDOWS\system\COMPOBJ.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:06 87 --a------ C:\WINDOWS\system\CLEANUP.REG
2008-05-03 19:48:06 12800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-03 19:48:05 398416 --a------ C:\WINDOWS\system\VBRUN300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2008-05-03 19:48:05 356992 --a------ C:\WINDOWS\system\VBRUN200.DLL <Not Verified; Microsoft Corporation; Visual Basic 2.0>
2008-05-03 19:48:05 124832 --a------ C:\WINDOWS\system\MFCO250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2008-05-03 19:48:05 51440 --a------ C:\WINDOWS\system\MFCD250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2008-05-03 19:48:05 298512 --a------ C:\WINDOWS\system\MFC250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2008-05-03 19:48:05 21648 --a------ C:\WINDOWS\system\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-05-03 15:23:50 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-05-03 15:23:10 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-05-03 11:43:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab


-- Find3M Report ---------------------------------------------------------------

2008-05-28 16:43:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-26 20:56:25 40 --a------ C:\WINDOWS\popcinfo.dat
2008-05-21 19:38:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-21 19:37:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-05-19 20:13:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Wildfire
2008-05-16 21:22:08 0 d-------- C:\Program Files\Yahoo!
2008-05-13 15:11:47 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-10 18:48:35 0 d-------- C:\Program Files\EA GAMES
2008-05-10 18:35:09 0 d-------- C:\Program Files\Realtek
2008-05-10 17:48:42 0 d-------- C:\Program Files\Common Files
2008-05-10 17:47:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-10 17:47:21 0 d-------- C:\Program Files\PowerISO
2008-05-10 17:46:37 0 dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo!
2008-05-10 17:45:55 0 d-------- C:\Program Files\DivX
2008-05-10 17:42:47 0 d-------- C:\Program Files\KaraFun
2008-05-07 10:20:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-07 10:20:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-04 15:21:21 1001 --a------ C:\WINDOWS\eReg.dat
2008-04-24 08:30:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-04-24 08:25:37 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-20 15:00:48 0 dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-04-18 10:17:55 1370 --a------ C:\WINDOWS\mozver.dat
2008-04-04 21:11:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-04-01 05:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 05:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 05:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-04-01 05:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-04-01 05:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 23:19:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-03-31 23:18:31 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-31 23:18:28 0 d-------- C:\Program Files\Common Files\Real
2008-03-23 12:03:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-22 04:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-22 04:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-22 04:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-22 04:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-21 17:47:24 1756 --a------ C:\WINDOWS\EReg196.dat
2008-03-21 05:18:01 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-03-21 02:42:00 4096 --a------ C:\WINDOWS\d3dx.dat
2008-03-20 21:34:55 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-20 21:27:44 0 -rahs---- C:\MSDOS.SYS
2008-03-20 21:27:44 0 -rahs---- C:\IO.SYS
2008-03-20 21:27:44 0 --a------ C:\CONFIG.SYS
2008-03-20 21:27:44 0 --a------ C:\AUTOEXEC.BAT
2008-03-20 21:25:31 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-05 18:07:48 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/31/2008 11:18 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 PM]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [06/10/2007 06:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Registration Dogz2.LNK]
backup=C:\WINDOWS\pss\Registration Dogz2.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\Program Files\VDOTool\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)
"EPSON_PM_RPCV4_01"=2 (0x2)
"BthServ"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\CDCheck.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-05-30 13:01:50 ------------
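As an added example (not code from the thread, from BleepingComputer, or from Deckard's System Scanner), the block below parses the registry-dump style used in the DSS log above and applies the three checks a responder would do first when reading it: msconfig's startupreg entries that carry no command line in the dump (the QuickTime Task and SpeedBitVideoAccelerator entries here, worth reconciling against what is actually installed, as with the leftover qttask item the topic starter described), the per-volume AutoRun\command handlers that Explorer caches under MountPoints2 (drives H: and I: in this log, which should always be reviewed because that is where a removable drive's autorun.inf handler is remembered), and the configured start type of each entry in the services section. The embedded log text is a constructed excerpt modelled on the log above, not the full original.

```python
"""Parse a Deckard's System Scanner style registry dump and flag items for review.

Added example, not the thread's own code. SAMPLE_LOG is a constructed excerpt
modelled on the DSS output in the thread.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"NBService"=3 (0x3)
"wuauserv"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\CDCheck.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\path] section header
SVC_RE = re.compile(r'^"([^"]+)"=(\d+)')           # "Name"=2 (0x2)
MOUNT_RE = re.compile(r"^AutoRun\\command-\s*(.*)$")  # AutoRun\command- X:\file.exe

# Standard Windows service start types as stored in the Start value.
START_TYPE = {2: "Automatic", 3: "Manual", 4: "Disabled"}


def parse_dump(text):
    """Return a list of (key_path, [value lines]) in the order they appear."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1), [])
            sections.append(current)
        elif line and current is not None:
            current[1].append(line)
    return sections


def review(sections):
    """Bucket the dump into startup commands, empty startup entries,
    service start types and per-volume AutoRun handlers."""
    findings = {"startup": {}, "empty_startup": [], "services": {}, "autorun": {}}
    for key, values in sections:
        leaf = key.rsplit("\\", 1)[-1]
        lower = key.lower()
        if "\\msconfig\\startupreg\\" in lower:
            if values:
                findings["startup"][leaf] = values[0]
            else:
                # Listed by msconfig but no command line captured: reconcile
                # against installed software before deciding what it is.
                findings["empty_startup"].append(leaf)
        elif lower.endswith("\\msconfig\\services"):
            for v in values:
                m = SVC_RE.match(v)
                if m:
                    code = int(m.group(2))
                    findings["services"][m.group(1)] = START_TYPE.get(code, f"unknown({code})")
        elif "\\explorer\\mountpoints2\\" in lower:
            for v in values:
                m = MOUNT_RE.match(v)
                if m:
                    # Volume letter -> command Explorer would run for that volume's AutoRun.
                    findings["autorun"][leaf] = m.group(1).strip()
    return findings


def report(findings):
    """Human-readable summary lines, most review-worthy items first."""
    lines = []
    for drive, cmd in sorted(findings["autorun"].items()):
        lines.append(f"REVIEW autorun handler on volume {drive}: {cmd}")
    for name in findings["empty_startup"]:
        lines.append(f"REVIEW startup entry with no command line: {name}")
    for name, cmd in findings["startup"].items():
        lines.append(f"startup {name}: {cmd}")
    for name, start in findings["services"].items():
        lines.append(f"service {name}: {start}")
    return lines


if __name__ == "__main__":
    for line in report(review(parse_dump(SAMPLE_LOG))):
        print(line)
```

Run it as-is to see the constructed excerpt summarised, or replace `SAMPLE_LOG` with the contents of a saved DSS report; the parser only depends on the `[key]` header and value-line layout shown in the thread.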

#6 Guest_White Warrior_*

  • Guests

Posted 31 May 2008 - 06:03 AM

Hello Giadda.


Could you please tell me if you had a version of Norton that included "CleanSweep" installed at some time. CleanSweep is part of Norton SystemWorks.

Also, do you still have a copy of the Kaspersky scan that deleted the banker trojan? If you do, please post it here in your next reply. This is important.

I also noticed several files in the Kaspersky scan Report for the E drive which pointed to keygens/cracks.
Downloading cracks/keygens, pirated software and so forth is dangerous.

Not only is the practice of using crack or keygen tools a security risk, it is considered illegal activity and a violation of our BC Discussion/Message Boards Rules:

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.


If you use those kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen and pirated software sites. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows.


Now, on to the fix:

Before we begin, please save these instructions in Notepad to your Desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Please download ATF Cleaner by Atribune.
Do NOT run it yet.

Please download SDFix by AndyManchesta and save it to your Desktop.
When using this tool, you must use the Administrator's account or an account with "Administrative rights".
  • Double click SDFix.exe and it will extract the files to %systemdrive%
  • This is the drive that contains the Windows Directory, typically C:\SDFix.
Do NOT run it yet.

Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.

Now: Double-click ATF-Cleaner.exe to run the program.
  • Under Main, Select Files to Delete, choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox browser: click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser: click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the computer.
  • When the computer restarts, the Fixtool will run again and complete the removal process, then display Finished.
  • Press any key to end the script and load your Desktop icons.
  • Once the Desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy/Paste the contents of the results file Report.txt in your next reply.
Note: If this error message is displayed when running SDFix: "(The command prompt has been disabled by your administrator). Press any key to continue...."
Please go to Start > Run > and Copy/Paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start > Run > and Copy/Paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe

Finally: Please reboot the computer to normal Windows.

POST:

Norton information
Kaspersky Report
SDFix Report.


White Warrior.

#7 Guest_White Warrior_*

  • Guests

Posted 07 June 2008 - 04:33 AM

Hello Giadda.


Do you still require help?


White Warrior

#8 don77

Forum Regular

  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass

Posted 12 June 2008 - 05:12 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
