I have no control panel, my desktop background has been changed, programs are running constantly, and I can't even install spybot...
....Help!
(And of course, Thanks In Advance)
My HijackThis file:
Deckard's System Scanner v20071014.68
Run by guy on 2008-04-17 19:00:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
88: 2008-04-17 16:00:56 UTC - RP1318 - Deckard's System Scanner Restore Point
87: 2008-04-16 21:42:51 UTC - RP1317 - Restore Operation
86: 2008-04-15 22:13:48 UTC - RP1316 - System Checkpoint
85: 2008-04-14 03:15:11 UTC - RP1315 - System Checkpoint
84: 2008-04-13 02:28:39 UTC - RP1314 - System Checkpoint
-- First Restore Point --
1: 2008-01-18 15:43:27 UTC - RP1231 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 2.61 GiB (less than 15%) free.
-- HijackThis (run as guy.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:59, on 17/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Barak013\Barak013_L2TP\fts.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\he-il\msnappau.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
C:\WINDOWS\TEMP\win72.exe
C:\Program Files\cjb\cjb.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\cjb\cjb7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.exe
c:\program files\mcafee\msc\mcuimgr.exe
c:\program files\mcafee\msc\mcshell.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\guy\Desktop\dss.exe
C:\WINDOWS\system32\mshearts.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\guy.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll (file missing)
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\he-il\msntb.dll
O2 - BHO: (no name) - {D288EC64-298A-3F18-5BF0-0824F86062A0} - C:\Program Files\drvi\upbdamvhuo.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\he-il\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [%FP%Barak013 L2TP fts.exe] "C:\Program Files\Barak013\Barak013_L2TP\fts.exe"
O4 - HKLM\..\Run: [Virtual PDF Printer] C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\he-il\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win72.exe
O4 - HKLM\..\Run: [cbj] C:\Program Files\cjb\cjb.exe
O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb7.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKLM\..\Policies\Explorer\Run: [F6vFwLfsTU] C:\WINDOWS\fwpyhmxg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\guy\Start Menu\Programs\Poker.com\Poker.com.lnk (HKCU)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - https://hb2.bankleumi.co.il/Premium/dow ... fxIEAx.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e52 ... scan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - AppInit_DLLs: iSecurity.cpl
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O21 - SSODL: KbdService - {793b612a-2711-4c3b-af92-6da8f7369bcb} - C:\WINDOWS\Installer\{793b612a-2711-4c3b-af92-6da8f7369bcb}\KbdService.dll
O21 - SSODL: zip - {c304f30f-fcb5-49dc-8906-f65cec679092} - C:\WINDOWS\Installer\{c304f30f-fcb5-49dc-8906-f65cec679092}\zip.dll
O21 - SSODL: CDSetup - {66913b9a-6dd7-43ed-aadb-f2a121429107} - C:\WINDOWS\Installer\{66913b9a-6dd7-43ed-aadb-f2a121429107}\CDSetup.dll
O21 - SSODL: CheckBoot - {4216babd-e74b-4eba-94b5-84c3fd8b0359} - C:\WINDOWS\Installer\{4216babd-e74b-4eba-94b5-84c3fd8b0359}\CheckBoot.dll
O21 - SSODL: WinRunOnce - {60b3c4f6-fd89-4884-9973-e54295f9a3a4} - C:\WINDOWS\Installer\{60b3c4f6-fd89-4884-9973-e54295f9a3a4}\WinRunOnce.dll
O21 - SSODL: SrvVolume - {b60c4cd1-a1bd-4af9-ac8d-0cdfd99c96c6} - C:\WINDOWS\Installer\{b60c4cd1-a1bd-4af9-ac8d-0cdfd99c96c6}\SrvVolume.dll
O21 - SSODL: SrvKernel - {6d0c7515-b27a-477d-82bb-6651b8e7370f} - C:\WINDOWS\Installer\{6d0c7515-b27a-477d-82bb-6651b8e7370f}\SrvKernel.dll
O21 - SSODL: ChkUnknown - {1557603e-f66c-4bf7-b27e-e8eaebbf915e} - C:\WINDOWS\Installer\{1557603e-f66c-4bf7-b27e-e8eaebbf915e}\ChkUnknown.dll
O21 - SSODL: SetupSys - {5c46c749-7968-48e6-bc59-93f9c44f776c} - C:\WINDOWS\Installer\{5c46c749-7968-48e6-bc59-93f9c44f776c}\SetupSys.dll
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MrobeService - Unknown owner - C:\WINDOWS\system32\MRobeService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
--
End of file - 14239 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 NPPTNT - c:\windows\system32\npptnt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 ScsiAccess - c:\program files\photodex\proshowgold\scsiaccess.exe
S2 SvcProc (System Startup Service ) - c:\windows\svcproc.exe (file missing)
S3 MrobeService - "c:\windows\system32\mrobeservice.exe" (file missing)
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-13 18:00:03 404 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-04-01 01:00:06 348 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-03-15 02:45:02 346 --a------ C:\WINDOWS\Tasks\McDefragTask.job
-- Files created between 2008-03-17 and 2008-04-17 -----------------------------
2008-04-17 18:36:31 19968 --a------ C:\Program Files\tmp138531.exe
2008-04-17 18:36:27 19968 --a------ C:\Program Files\tmp137343.exe
2008-04-17 18:26:45 0 d-------- C:\Program Files\Trend Micro
2008-04-17 16:49:59 33280 --a------ C:\WINDOWS\xkrwfsxm.exe
2008-04-17 02:49:44 16652 --a------ C:\Program Files\tmp5593312.exe
2008-04-17 01:19:30 19968 --a------ C:\Program Files\tmp180234.exe
2008-04-16 05:09:59 19968 --a------ C:\Program Files\tmp11014968.exe
2008-04-16 05:09:59 19968 --a------ C:\Program Files\tmp11014921.exe
2008-04-16 03:39:29 143872 --a------ C:\Program Files\tmp5582250.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 08:17:59 19968 --a------ C:\Program Files\tmp25639515.exe
2008-04-13 07:15:21 16540 --a------ C:\Program Files\tmp21870421.exe
2008-04-13 04:14:15 19968 --a------ C:\Program Files\tmp11014812.exe
2008-04-12 06:09:15 16604 --a------ C:\Program Files\tmp90234953.exe
2008-04-12 05:00:58 10240 --a------ C:\Program Files\tmp86148843.exe
2008-04-12 05:00:48 10240 --a------ C:\Program Files\tmp86139000.exe
2008-04-12 05:00:05 10240 --a------ C:\Program Files\tmp86085062.exe
2008-04-12 00:11:43 19968 --a------ C:\Program Files\tmp68794203.exe
2008-04-11 23:01:46 10240 --a------ C:\Program Files\tmp64597093.exe
2008-04-11 23:01:08 10240 --a------ C:\Program Files\tmp64559234.exe
2008-04-11 23:00:56 10240 --a------ C:\Program Files\tmp64547187.exe
2008-04-11 23:00:43 10240 --a------ C:\Program Files\tmp64534359.exe
2008-04-11 23:00:31 10240 --a------ C:\Program Files\tmp64522171.exe
2008-04-11 23:00:07 10240 --a------ C:\Program Files\tmp64498156.exe
2008-04-11 16:02:42 10240 --a------ C:\Program Files\tmp39444968.exe
2008-04-11 08:39:21 19968 --a------ C:\Program Files\tmp12852250.exe
2008-04-11 08:39:20 19968 --a------ C:\Program Files\tmp12851328.exe
2008-04-11 05:38:46 143872 --a------ C:\Program Files\tmp1986781.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-09 13:59:39 9728 --a------ C:\Program Files\tmp38987046.exe
2008-04-09 10:59:07 9728 --a------ C:\Program Files\tmp28121515.exe
2008-04-09 07:03:35 143872 --a------ C:\Program Files\tmp14030968.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-09 07:03:21 19968 --a------ C:\Program Files\tmp14017093.exe
2008-04-09 05:33:04 19968 --a------ C:\Program Files\tmp8600109.exe
2008-04-09 05:33:02 19968 --a------ C:\Program Files\tmp8597921.exe
2008-04-09 05:32:56 19968 --a------ C:\Program Files\tmp8592234.exe
2008-04-09 04:02:55 9728 --a------ C:\Program Files\tmp3146000.exe
2008-04-08 19:49:50 0 d-------- C:\Program Files\iSecurity
2008-04-08 18:46:18 16608 --a------ C:\Program Files\tmp713234.exe
2008-03-17 23:28:44 16556 --a------ C:\Program Files\tmp90658078.exe
-- Find3M Report ---------------------------------------------------------------
2050-08-14 11:12:02 18944 --a------ C:\WINDOWS\system32\wowfx.dll
2008-04-17 18:35:39 0 d-------- C:\Documents and Settings\guy\Application Data\SiteAdvisor
2008-04-17 16:18:38 2024 --a------ C:\WINDOWS\mozver.dat
2008-04-11 18:00:00 0 d-------- C:\Program Files\Norton Security Scan
2008-04-11 16:02:42 0 d-------- C:\Program Files\cjb
2008-04-11 05:13:45 0 d-------- C:\Program Files\Java
2008-04-08 18:59:21 0 d-------- C:\Documents and Settings\guy\Application Data\Adobe
2008-03-28 07:56:52 0 d-------- C:\Program Files\Poker.com
2008-03-14 13:38:45 16472 --a------ C:\Program Files\tmp78090890.exe
2008-03-13 11:42:40 13508 --a------ C:\Program Files\tmp31423890.exe
2008-03-13 11:42:33 16464 --a------ C:\Program Files\tmp31415765.exe
2008-03-12 09:50:50 16584 --a------ C:\Program Files\tmp6573093.exe
2008-03-11 08:45:29 13452 --a------ C:\Program Files\tmp15508921.exe
2008-03-11 08:44:26 16496 --a------ C:\Program Files\tmp15445562.exe
2008-03-10 08:05:45 13444 --a------ C:\Program Files\tmp24601453.exe
2008-03-10 07:57:54 16500 --a------ C:\Program Files\tmp24129921.exe
2008-03-09 07:21:37 13504 --a------ C:\Program Files\tmp10521765.exe
2008-03-08 06:55:15 13456 --a------ C:\Program Files\tmp262775468.exe
2008-03-08 06:29:13 16436 --a------ C:\Program Files\tmp261212656.exe
2008-03-07 06:52:36 13364 --a------ C:\Program Files\tmp176215765.exe
2008-03-07 06:21:56 16540 --a------ C:\Program Files\tmp174376296.exe
2008-03-06 15:25:46 9216 --a------ C:\Program Files\tmp120605953.exe
2008-03-06 06:24:42 13388 --a------ C:\Program Files\tmp88141906.exe
2008-03-06 06:17:40 16596 --a------ C:\Program Files\tmp87719000.exe
2008-03-06 04:03:02 0 d-------- C:\Program Files\IE Extensions
2008-03-05 05:57:13 16576 --a------ C:\Program Files\tmp90546.exe
2008-02-20 04:26:14 15872 --a------ C:\Program Files\tmp98304703.exe
2008-02-20 04:26:14 15872 --a------ C:\Program Files\tmp98304640.exe
2008-02-19 01:10:25 0 d-------- C:\Program Files\nghabxli
2008-02-17 05:50:31 10240 --a------ C:\Program Files\tmp94713734.exe <Not Verified; NoName Corp.; NNC module>
2008-02-16 05:44:50 10240 --a------ C:\Program Files\tmp7973234.exe <Not Verified; NoName Corp.; NNC module>
2008-02-15 05:32:02 12288 --a------ C:\Program Files\tmp48361031.exe <Not Verified; Search2find LLC; Search2find>
2008-02-15 05:31:50 10240 --a------ C:\Program Files\tmp48348906.exe <Not Verified; NoName Corp.; NNC module>
2008-02-14 04:45:45 10240 --a------ C:\Program Files\tmp2093953.exe <Not Verified; NoName Corp.; NNC module>
2008-01-31 06:27:02 11264 --a------ C:\WINDOWS\mgrs.exe
2008-01-31 03:07:55 10240 --a------ C:\Program Files\spoolsv.exe <Not Verified; NoName Corp.; NNC module>
2008-01-31 03:06:33 18944 --a------ C:\WINDOWS\avp.exe <Not Verified; MskVip Ltd.; Antivirus Project (AVP) spyware removal module>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}]
C:\Program Files\TrustIn Contextual\trustincontext.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA870AC-8427-42a4-B92E-ECD956197489}]
C:\WINDOWS\AuroraHandler.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D288EC64-298A-3F18-5BF0-0824F86062A0}]
C:\Program Files\drvi\upbdamvhuo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [03/11/2003 05:24 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 01:22 PM]
"nwiz"="nwiz.exe" []
"%FP%Barak013 L2TP fts.exe"="C:\Program Files\Barak013\Barak013_L2TP\fts.exe" [01/07/2004 03:37 PM]
"Virtual PDF Printer"="C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe" []
"msnappau"="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\he-il\msnappau.exe" [08/13/2004 06:41 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"RTHDCPL"="RTHDCPL.EXE" []
"Alcmtr"="ALCMTR.EXE" [05/03/2005 01:43 PM C:\WINDOWS\Alcmtr.exe]
"GBB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [07/12/2006 12:58 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 01:22 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [11/08/2006 02:27 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/04/2006 01:50 AM]
"smgr"="mgrs.exe" [01/31/2008 06:27 AM C:\WINDOWS\mgrs.exe]
"Printer"="C:\WINDOWS\system32\printer.exe" []
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" []
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6145\SiteAdv.exe" [06/21/2007 11:06 PM]
"avp"="C:\WINDOWS\TEMP\win72.exe" []
"cbj"="C:\Program Files\cjb\cjb.exe" [03/06/2008 03:25 PM]
"BluetoothAuthorizationAgent"="C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe" []
"iSecurity applet"="iSecurity.cpl" [04/09/2008 09:27 AM C:\WINDOWS\system32\iSecurity.cpl]
"cjb"="C:\Program Files\cjb\cjb7.exe" [04/09/2008 01:59 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/17/2007 04:50 AM]
"@"="" []
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" []
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [01/30/2008 02:11 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"F6vFwLfsTU"=C:\WINDOWS\fwpyhmxg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"KbdService"= {793b612a-2711-4c3b-af92-6da8f7369bcb} - C:\WINDOWS\Installer\{793b612a-2711-4c3b-af92-6da8f7369bcb}\KbdService.dll [02/14/2008 04:45 AM 14374]
"zip"= {c304f30f-fcb5-49dc-8906-f65cec679092} - C:\WINDOWS\Installer\{c304f30f-fcb5-49dc-8906-f65cec679092}\zip.dll [02/14/2008 04:45 AM 38438]
"CDSetup"= {66913b9a-6dd7-43ed-aadb-f2a121429107} - C:\WINDOWS\Installer\{66913b9a-6dd7-43ed-aadb-f2a121429107}\CDSetup.dll [02/16/2008 05:46 AM 14374]
"CheckBoot"= {4216babd-e74b-4eba-94b5-84c3fd8b0359} - C:\WINDOWS\Installer\{4216babd-e74b-4eba-94b5-84c3fd8b0359}\CheckBoot.dll [03/06/2008 04:06 AM 14374]
"WinRunOnce"= {60b3c4f6-fd89-4884-9973-e54295f9a3a4} - C:\WINDOWS\Installer\{60b3c4f6-fd89-4884-9973-e54295f9a3a4}\WinRunOnce.dll [03/07/2008 06:21 AM 14374]
"SrvVolume"= {b60c4cd1-a1bd-4af9-ac8d-0cdfd99c96c6} - C:\WINDOWS\Installer\{b60c4cd1-a1bd-4af9-ac8d-0cdfd99c96c6}\SrvVolume.dll [03/07/2008 11:45 PM 14374]
"SrvKernel"= {6d0c7515-b27a-477d-82bb-6651b8e7370f} - C:\WINDOWS\Installer\{6d0c7515-b27a-477d-82bb-6651b8e7370f}\SrvKernel.dll [03/12/2008 08:52 AM 14374]
"ChkUnknown"= {1557603e-f66c-4bf7-b27e-e8eaebbf915e} - C:\WINDOWS\Installer\{1557603e-f66c-4bf7-b27e-e8eaebbf915e}\ChkUnknown.dll [03/13/2008 07:10 AM 14374]
"SetupSys"= {5c46c749-7968-48e6-bc59-93f9c44f776c} - C:\WINDOWS\Installer\{5c46c749-7968-48e6-bc59-93f9c44f776c}\SetupSys.dll [03/28/2008 03:50 PM 14374]
"iSecurity"= {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL [04/09/2008 09:27 AM 125440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\shell.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32]
winwim32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=iSecurity.cpl
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp psc 900 series) - 1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 900 series) - 1.lnk
backup=C:\WINDOWS\pss\HPAiODevice(hp psc 900 series) - 1.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RaConfig2500.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RaConfig2500.lnk
backup=C:\WINDOWS\pss\RaConfig2500.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{428c4537-baaf-11db-90d8-806d6172696f}]
AutoRun\command- D:\SETUP.EXE
-- Hosts -----------------------------------------------------------------------
10.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 ar.atwola.com
10.18.250.4 atdmt.com
10.18.250.4 avp.ch
10.18.250.4 avp.com
10.18.250.4 avp.ru
10.18.250.4 awaps.net
10.18.250.4 banner.fastclick.net
90 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-04-17 19:04:45 ------------