Technology Forum


Constant pop ups - Trojan horse generic10.UTB





  #1  
05-10-2008, 01:17 PM
Tech Ace
Senior Member
 
Join Date: Apr 2008
Posts: 5,660




Hello, my free Edition AVG shows a trojan alert, and when I open IExplorer, it opens up fans with this address http://83.149.75.33/info.png?cmp=ghr...http&z=us which it can't display, fortunately. A Microsoft Visual C++ runtime library alert says that a buffer overrun was detected on c:\Wndows\Explorer.exe
All times are GMT.


