Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-02 04:08:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-05-01 23:09:06 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 254 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-02 04:10:41
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\MSGSYS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.scientificatlanta.com/con...edownloads.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [RRT-Auto] F:\Saad\RRT\RRT.exe auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll (file missing)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - \webcheck.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7552 bytes
-- File Associations -----------------------------------------------------------
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 SNP2STD (USB2.0 PC Camera (SNP2STD)) - c:\windows\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-01 20:57:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-04-02 and 2008-05-02 -----------------------------
2008-05-02 03:58:59 0 d-------- C:\ie-spyad_zo
2008-05-02 03:56:10 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-02 03:55:56 0 d-------- C:\Program Files\SpywareBlaster
2008-05-02 01:16:56 0 d-------- C:\Program Files\Panda Security
2008-05-02 01:16:54 0 d-------- C:\WINDOWS\LastGood
2008-05-01 11:03:32 0 d--hs---- C:\FOUND.002
2008-05-01 09:44:12 0 d-------- C:\Program Files\QuickTime
2008-05-01 09:44:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-01 09:43:32 0 d-------- C:\Program Files\Apple Software Update
2008-05-01 09:43:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-01 08:21:04 0 d-------- C:\Program Files\ScanSpyware v3.8
2008-04-29 22:37:16 0 d-------- C:\Program Files\Lavasoft
2008-04-29 22:37:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-29 22:36:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 21:52:37 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-28 00:54:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\PDFCreator
2008-04-28 00:54:01 0 d-------- C:\Program Files\PDFCreator
2008-04-27 07:04:08 0 d--hs---- C:\FOUND.001
2008-04-27 04:04:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-04-27 03:11:18 0 d-------- C:\WINDOWS\network diagnostic
2008-04-27 02:14:50 0 d-------- C:\Program Files\Microsoft Works
2008-04-27 02:12:36 0 d-------- C:\WINDOWS\SHELLNEW
2008-04-27 02:11:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-27 02:10:54 0 dr-h----- C:\MSOCache
2008-04-27 01:58:47 0 d-------- C:\Office Backup
2008-04-27 01:58:21 0 d-------- C:\Program Files\Common Files\PCSuite
2008-04-27 01:58:20 0 d-------- C:\Program Files\Common Files\Nokia
2008-04-27 01:56:38 0 d-------- C:\Program Files\PC Connectivity Solution
2008-04-27 01:03:16 94208 --a------ C:\WINDOWS\amcap.exe <Not Verified; Microsoft Corporation; DirectX 8.1 Sample>
2008-04-27 01:03:14 110592 --a------ C:\WINDOWS\tsnp2std.exe <Not Verified; ; tsnp2std>
2008-04-27 01:03:14 20480 --a------ C:\WINDOWS\FixCamera.exe <Not Verified; ; CameraFixer Application>
2008-04-27 01:03:13 344064 -----n--- C:\WINDOWS\vsnp2std.exe <Not Verified; Sonix; CameraMonitor Application>
2008-04-27 01:03:12 24960 --a------ C:\WINDOWS\system32\drivers\sncamd.sys <Not Verified; Microsoft Corporation; MicrosoftR WindowsR Operating System>
2008-04-27 01:03:11 10219904 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
2008-04-27 01:03:09 61440 --a------ C:\WINDOWS\vsnp2std.dll <Not Verified; Sonix; >
2008-04-27 01:03:09 53248 --a------ C:\WINDOWS\system32\csnp2std.dll <Not Verified; ; InstallUtil>
2008-04-27 01:03:09 147456 --a------ C:\WINDOWS\rsnp2std.dll <Not Verified; ; ResourceDLL>
2008-04-27 01:03:09 0 d-------- C:\Program Files\Common Files\snp2std
2008-04-27 00:53:04 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-27 00:51:58 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-27 00:51:50 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-27 00:43:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-27 00:42:45 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-27 00:39:10 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-27 00:38:15 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-04-27 00:38:15 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-04-27 00:38:15 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-04-27 00:38:15 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-04-27 00:38:15 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-04-27 00:38:14 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-04-27 00:38:12 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-27 00:37:58 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-27 00:37:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2008-04-27 00:37:28 0 d-------- C:\Program Files\DIFX
2008-04-27 00:37:04 0 d-------- C:\Program Files\HP
2008-04-27 00:35:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-04-27 00:35:06 17505 -----n--- C:\WINDOWS\hpomdl07.dat
2008-04-27 00:35:06 102259 --a------ C:\WINDOWS\hpoins05.dat
2008-04-27 00:34:02 0 d-------- C:\Program Files\Nokia
2008-04-27 00:31:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-04-27 00:31:14 98304 --a------ C:\WINDOWS\system32\hpzjsn01.dll <Not Verified; Hewlett Packard Company; HPJZSN01 Dynamic Link Library>
2008-04-27 00:30:33 0 d-------- C:\Temp
2008-04-26 20:14:47 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-26 20:03:20 0 d-------- C:\Program Files\Ahead
2008-04-26 20:02:48 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-04-26 20:00:30 0 d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-26 20:00:22 0 d-------- C:\Program Files\Windows Live
2008-04-26 20:00:14 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-26 19:55:14 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-26 19:50:43 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-26 19:50:38 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-04-26 19:50:36 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-26 19:50:36 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-26 19:50:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-04-26 19:50:35 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-04-26 19:50:33 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-26 19:50:31 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-26 19:50:28 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-04-26 19:48:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-26 17:25:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-04-26 17:23:15 0 d-------- C:\Program Files\Yahoo!
2008-04-26 17:03:22 0 d--hs---- C:\Recycled
2008-04-26 17:01:45 0 d-------- C:\Program Files\Java
2008-04-26 17:01:42 0 d-------- C:\Program Files\Common Files\Java
2008-04-26 17:00:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-26 16:58:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-26 16:31:28 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-26 07:02:14 0 d--hs---- C:\FOUND.000
2008-04-26 06:02:24 0 d--hs---- C:\Documents and Settings\Administrator\UserData
2008-04-26 06:01:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-04-26 06:00:38 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-04-26 06:00:38 0 d-------- C:\Program Files\ACD Systems
2008-04-26 06:00:12 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-26 05:56:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-04-26 05:54:53 0 d-------- C:\Program Files\Nero
2008-04-26 05:54:53 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-26 05:47:52 0 d-------- C:\Documents and Settings\Administrator\Contacts
2008-04-26 05:45:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-26 05:45:49 0 d-------- C:\WINDOWS\system32\DRVSTORE
2008-04-26 05:41:06 0 d-------- C:\Program Files\Ares
2008-04-26 05:36:05 0 d-------- C:\Program Files\D-Link
2008-04-26 05:33:58 49152 -ra------ C:\WINDOWS\system32\ChCfg.exe
2008-04-26 05:33:01 0 d-------- C:\Program Files\Realtek AC97
2008-04-26 05:32:58 315392 -ra------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-04-26 05:32:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-26 05:27:24 4032 --a------ C:\WINDOWS\system32\SYMEVNT1.DLL <Not Verified; Symantec Corporation; SYMEVENT>
2008-04-26 05:27:24 36864 --a------ C:\WINDOWS\system32\S32EVNT1.DLL <Not Verified; Symantec Corporation; SYMEVENT>
2008-04-26 05:27:24 57696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS <Not Verified; Symantec Corporation; SYMEVENT>
2008-04-26 05:27:20 0 d-------- C:\WINDOWS\system32\CBA
2008-04-26 05:27:19 0 d-------- C:\Program Files\Symantec
2008-04-26 05:27:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-26 05:27:17 0 d-------- C:\Program Files\NavNT
2008-04-26 05:27:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-26 05:26:52 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-26 05:26:38 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-26 05:20:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-26 05:20:42 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-26 05:20:42 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-26 05:20:42 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-26 05:20:42 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-26 05:20:42 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-26 05:20:42 7077888 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-26 05:20:42 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-26 05:20:42 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-26 05:20:42 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-26 05:20:42 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-26 05:20:42 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-26 05:20:42 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-26 05:20:42 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-26 05:20:38 0 d--hs---- C:\System Volume Information
2008-04-26 05:20:35 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-26 05:20:34 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-26 05:20:34 0 d-------- C:\WINDOWS\Prefetch
2008-04-26 05:20:33 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-26 05:20:33 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-26 05:20:33 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-04-26 05:20:33 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-26 05:20:33 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-26 05:13:59 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-04-26 05:13:59 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-26 05:13:59 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-26 05:13:58 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-26 05:13:58 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-26 05:08:17 0 d-------- C:\WINDOWS\system32\xircom
2008-04-26 05:08:17 0 d-------- C:\Program Files\microsoft frontpage
2008-04-26 05:08:01 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-26 05:07:49 0 -rahs---- C:\MSDOS.SYS
2008-04-26 05:07:49 0 -rahs---- C:\IO.SYS
2008-04-26 05:07:49 0 --a------ C:\CONFIG.SYS
2008-04-26 05:07:49 0 --a------ C:\AUTOEXEC.BAT
2008-04-26 05

44 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-26 05

32 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-26 05

32 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-26 05

20 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-26 05

01 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-26 05:05:35 0 d---s---- C:\WINDOWS\Tasks
2008-04-26 05:05:34 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-26 05:05:31 0 d-------- C:\WINDOWS\srchasst
2008-04-26 05:05:30 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-26 05:05:23 0 d-------- C:\Program Files\Movie Maker
2008-04-26 05:05:17 0 d-------- C:\WINDOWS\system32\Restore
2008-04-26 05:04:28 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-26 05:04:11 0 d-------- C:\WINDOWS\Registration
2008-04-26 05:04:03 0 d-------- C:\Program Files\Online Services
2008-04-26 05:03:57 0 d-------- C:\Program Files\Messenger
2008-04-26 05:03:54 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-26 05:03:23 0 d-------- C:\Program Files\Windows NT
2008-04-26 05:03:20 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-26 05:03:19 0 d-------- C:\WINDOWS\system32\Com
2008-04-26 04:55:56 0 d--hs---- C:\WINDOWS\Installer
2008-04-26 04:55:56 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-26 04:55:53 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-26 04:55:52 0 dr------- C:\Program Files
2008-04-26 04:55:52 0 d-------- C:\Program Files\Common Files
2008-04-26 04:55:29 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-26 04:55:29 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-26 04:55:29 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-26 04:55:29 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-26 04:55:29 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-26 04:55:29 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-26 04:55:29 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-26 04:55:29 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-26 04:55:29 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-26 04:55:29 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-26 04:55:29 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-26 04:55:29 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-26 04:55:29 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-26 04:55:29 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-26 04:55:29 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-26 04:55:29 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-26 04:53:43 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-26 04:53:43 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-26 04:53:38 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-26 04:53:38 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-26 04:53:38 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-26 04:53:38 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-26 04:53:20 0 d-------- C:\Documents and Settings
2008-04-26 04:48:31 0 d-------- C:\WINDOWS
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\WinSxS
2008-04-26 04:48:31 0 dr------- C:\WINDOWS\Web
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\twain_32
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\wins
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\wbem
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\usmt
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\spool
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\Setup
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\ras
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\oobe
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\npp
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\mui
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\IME
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\ias
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\export
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\drivers
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-26 04:48:31 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\config
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\3076
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\2052
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\1054
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\1042
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\1041
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\1037
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\1033
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\1031
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\1028
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system32\1025
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\system
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\security
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\Resources
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\repair
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\Provisioning
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\PeerNet
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\pchealth
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\mui
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\msapps
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\msagent
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\Media
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\java
2008-04-26 04:48:31 0 d--h----- C:\WINDOWS\inf
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\ime
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\Help
2008-04-26 04:48:31 0 dr--s---- C:\WINDOWS\Fonts
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\ehome
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\Driver Cache
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\Debug
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\Cursors
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\Config
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\AppPatch
2008-04-26 04:48:31 0 d-------- C:\WINDOWS\addins
-- Find3M Report ---------------------------------------------------------------
2008-04-26 04:55:30 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [09/30/2004 04:41 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [09/30/2004 04:37 PM]
"vptray"="C:\Program Files\NavNT\vptray.exe" [09/24/2001 07:59 AM]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [12/06/2005 01:08 PM]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [01/06/2006 05:39 PM]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [01/06/2006 01:57 PM]
"RRT-Auto"="F:\Saad\RRT\RRT.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [06/01/2006 01:32 PM]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [03/28/2008 11:20 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=0
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFind"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{670b3461-170f-11dd-8f54-000f3dcf0e8a}]
AutoRun\command- K:\tel.exe
explore\Command- K:\tel.exe
Open\Command- K:\tel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c7e5120-16f3-11dd-8f52-000f3dcf0e8a}]
AutoRun\command- H:\tel.exe
explore\Command- H:\tel.exe
Open\Command- H:\tel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{886f5794-16f4-11dd-8f53-000f3dcf0e8a}]
AutoRun\command- H:\tel.exe
explore\Command- H:\tel.exe
Open\Command- H:\tel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c64853c0-149e-11dd-8f39-000f3dcf0e8a}]
AutoRun\command- H:\tel.exe
explore\Command- H:\tel.exe
Open\Command- H:\tel.exe
*Newly Created Service* - RKPAVPROC
-- End of Deckard's System Scanner: finished at 2008-05-02 04:12:23 ------------