Tech Support Forum - View Single Post - perfs.exe, routing.exe

gotosleep · 01-10-2008, 09:13 PM

Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-10 21:10:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:52, on 10.1.2008 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Last.fm\LastFmHelper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.204.143.153:6588
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1187647958218
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187647921421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B9F30C-35BA-4A5C-9214-6EA033243EDA}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PDK Debug Listener (pdkdebug) - ActiveState - C:\Program Files\ActiveState Perl Dev Kit 6.0\bin\pdkdebug.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (file missing)
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

--
End of file - 8449 bytes

-- Files created between 2007-12-10 and 2008-01-10 -----------------------------

2008-01-10 21:05:46 0 d-------- C:\Program Files\Trend Micro
2008-01-10 15:50:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-09 18:08:45 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-01-09 18:02:08 6144 --a------ C:\WINDOWS\system32\atiicdxx.sys <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
2008-01-09 18:02:06 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-09 18:02:05 24064 --a------ C:\WINDOWS\system32\ativcoxx.dll <Not Verified; ATI Technologies, Inc.; >
2008-01-09 18:02:05 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-09 18:02:05 2060288 --a------ C:\WINDOWS\system32\atipuixx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:05 114688 --a------ C:\WINDOWS\system32\atippaxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:05 274432 --a------ C:\WINDOWS\system32\atipdsxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:05 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:05 180224 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-09 18:02:04 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-09 18:02:03 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-09 18:02:03 344064 --a------ C:\WINDOWS\system32\atiptaxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:03 139264 --a------ C:\WINDOWS\system32\atiprbxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:03 61440 --a------ C:\WINDOWS\system32\atiphexx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:03 9535488 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-09 18:02:03 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-09 18:02:03 36864 --a------ C:\WINDOWS\system32\atiiprxx.exe
2008-01-09 18:02:03 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-01-09 18:02:03 380928 --a------ C:\WINDOWS\system32\atiicdxx.dll <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
2008-01-09 18:02:03 368640 --a------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-01-09 18:02:03 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-09 18:02:03 348160 --a------ C:\WINDOWS\system32\aticds10.dll <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
2008-01-09 18:02:03 1830912 --a------ C:\WINDOWS\system32\atiadaxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:03 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-09 18:02:03 495616 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-09 18:02:03 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-09 18:02:03 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-09 18:02:01 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-01-09 18:02:01 887724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-01-09 18:02:01 3107788 --a------ C:\WINDOWS\system32\ativva5x.dat
2008-01-09 18:02:01 158080 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-01-09 17:54:48 0 d-------- C:\Program Files\Driver Cleaner Pro
2008-01-08 18:28:33 0 d-------- C:\Program Files\Microsoft SQL Server
2008-01-08 18:28:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-01-06 01:15:32 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-01-06 01:08:05 0 d-------- C:\Documents and Settings\Owner\Application Data\URSoft
2008-01-06 00:12:19 0 d-------- C:\Program Files\Sophos
2008-01-05 18:18:47 0 d-------- C:\Program Files\SpywareBlaster
2008-01-05 14:43:26 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-05 14:23:48 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-28 18:50:55 0 d-------- C:\Program Files\Ventrilo
2007-12-25 20:17:09 0 d-------- C:\Program Files\iPod
2007-12-25 20:17:03 0 d-------- C:\Program Files\iTunes
2007-12-25 20:15:43 0 d-------- C:\Program Files\Apple Software Update
2007-12-25 20:15:10 0 d-------- C:\Program Files\Common Files\Apple
2007-12-25 20:15:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 10:13:48 0 d-------- C:\Program Files\Alcohol Soft
2007-12-25 10:11:10 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-25 00:36:36 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2007-12-21 16:17:57 0 d-------- C:\World of Warcraft
2007-12-21 00:30:53 9619393 --a------ C:\WINDOWS\system32\FHCSECMJTNHSFD
2007-12-21 00:24:00 4 --a------ C:\WINDOWS\system32\0BEBB8
2007-12-21 00:18:47 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-21 00:17:03 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
2007-12-20 23:56:38 0 d-------- C:\Program Files\Best Buy Rhapsody
2007-12-20 23:42:18 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-20 19:10:29 0 d-------- C:\Program Files\Western Digital
2007-12-20 19:10:13 0 d-------- C:\Program Files\Western Digital Technologies

-- Find3M Report ---------------------------------------------------------------

2008-01-10 19:14:55 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-01-09 18:07:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-09 18

31 0 d-------- C:\Program Files\MultiRes
2008-01-09 18:01:52 0 d-------- C:\Program Files\Radeon Omega Drivers
2008-01-09 18:00:49 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-09 17:56:01 0 d-------- C:\Documents and Settings\Owner\Application Data\ATI
2008-01-08 23:27:14 0 d-------- C:\Documents and Settings\Owner\Application Data\FileZilla
2008-01-08 19:10:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Sony
2008-01-08 18:27:26 0 d-------- C:\Program Files\VstPlugins
2008-01-08 18:26:57 0 d-------- C:\Program Files\Sony
2008-01-07 19:57:14 0 d-------- C:\Program Files\Cheat Engine
2008-01-07 19:57:14 0 d-------- C:\Program Files\BandwidthMeterPro
2008-01-07 16:02:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-01-07 16:02:17 0 d-------- C:\Program Files\mIRC
2008-01-06 02:30:48 0 d-------- C:\Program Files\SmartFTP Client
2008-01-06 01:05:32 0 d-------- C:\Program Files\Eraser
2008-01-05 16:20:04 0 d-------- C:\Program Files\Winamp
2008-01-05 16:01:19 0 d-------- C:\Program Files\PowerISO
2008-01-05 15:39:15 0 d-------- C:\Program Files\Last.fm
2008-01-05 15:15:58 0 d-------- C:\Program Files\FileZilla Client
2008-01-05 15:10:11 0 d-------- C:\Program Files\AIM
2008-01-05 02:08:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-01-05 02

46 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-03 15:30:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Xfire
2007-12-31 01:59:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2007-12-30 16:33:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim
2007-12-28 18:45:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-27 22:13:54 0 d-------- C:\Program Files\DC++
2007-12-26 00:56:43 0 d-------- C:\Program Files\ICQ
2007-12-25 22:46:14 0 d-------- C:\Program Files\SHOUTcast
2007-12-25 20:16:37 0 d-------- C:\Program Files\QuickTime Alternative
2007-12-25 20:15:10 0 d-------- C:\Program Files\Common Files
2007-12-24 00:00:36 253440 --a------ C:\WINDOWS\system32\ndt2.sys
2007-12-21 16:17:57 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-12-21 01:13:46 0 d-------- C:\Program Files\Real
2007-12-21 01:12:34 0 d-------- C:\Program Files\Heroes
2007-12-21 01:12:27 0 d-------- C:\Program Files\Doomsday
2007-12-21 00:17:30 0 d-------- C:\Program Files\Common Files\Real
2007-12-21 00:17:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2007-12-20 23:42:16 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-19 19:03:58 0 d---s---- C:\Program Files\Xfire
2007-12-06 20:28:24 0 d-------- C:\Documents and Settings\Owner\Application Data\foobar2000
2007-12-04 19:04:08 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2007-12-04 18:33:47 1640192 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2007-12-04 18:11:18 499712 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-12-02 11:21:29 0 d-------- C:\Program Files\Exact Audio Copy
2007-12-02 11:21:25 0 d-------- C:\Documents and Settings\Owner\Application Data\AccurateRip
2007-11-25 17:05:22 0 d-------- C:\Program Files\GuerillaSoft
2007-11-25 01:18:03 1 --a------ C:\WINDOWS\system32\SI.bin
2007-11-22 13:24:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Mount&Blade
2007-11-16 21:13:50 0 d-------- C:\Program Files\middle_man

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [11.02.2003 Ј. 18:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13.09.2002 Ј. 20:42]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [11.05.2000 Ј. 01:00]
"PS2"="C:\WINDOWS\system32\ps2.exe" [16.10.2002 Ј. 14:57]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [11.12.2007 Ј. 10:56]
"AtiPTA"="atiptaxx.exe" [21.02.2006 Ј. 17:05 C:\WINDOWS\system32\atiptaxx.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03.08.2004 Ј. 23:56]
"AIM"="C:\Program Files\AIM\aim.exe" [18.06.2003 Ј. 12:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [10.8.2007 Ј. 00:37:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=C:\WINDOWS\pss\ WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackICE PC Protection.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlackICE PC Protection.lnk
backup=C:\WINDOWS\pss\BlackICE PC Protection.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FlexType 2K.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk
backup=C:\WINDOWS\pss\FlexType 2K.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.6.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicTune 3.6.lnk
backup=C:\WINDOWS\pss\MagicTune 3.6.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ATI Tray Tools.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ATI Tray Tools.lnk
backup=C:\WINDOWS\pss\ATI Tray Tools.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^check-ip-changed.bat]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\check-ip-changed.bat
backup=C:\WINDOWS\pss\check-ip-changed.batStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BandwidthMeterPro]
C:\Program Files\BandwidthMeterPro\BWMeterPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425]
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\Program Files\Eraser\eraser.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
C:\PROGRA~1\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"d:\wares-mp3s-games-etc\games\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
"C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"BlackICE"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Eraser"=C:\Program Files\Eraser\eraser.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"razer"=C:\Program Files\Razer\Copperhead\razerhid.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0804dd6-b5fc-11d9-a9fe-806d6172696f}]
AutoRun\command- G:\autoplay.exe

-- End of Deckard's System Scanner: finished at 2008-01-10 21:11:15 ------------

I closed extra.txt once and on the next scan it didnt pop up. Oops :(

01-10-2008, 09:13 PM	#3 (permalink)
gotosleep Registered User Join Date: Jan 2008 Posts: 6 OS: Windows XP Home SP2	Re: perfs.exe, routing.exe - how do I get rid of them? Deckard's System Scanner v20071014.68 Run by Owner on 2008-01-10 21:10:47 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:10:52, on 10.1.2008 г. Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AIM\aim.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\Last.fm\LastFmHelper.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.204.143.153:6588 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1187647958218 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187647921421 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{17B9F30C-35BA-4A5C-9214-6EA033243EDA}: NameServer = 192.168.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PDK Debug Listener (pdkdebug) - ActiveState - C:\Program Files\ActiveState Perl Dev Kit 6.0\bin\pdkdebug.exe O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing) O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (file missing) O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe -- End of file - 8449 bytes -- Files created between 2007-12-10 and 2008-01-10 ----------------------------- 2008-01-10 21:05:46 0 d-------- C:\Program Files\Trend Micro 2008-01-10 15:50:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-01-09 18:08:45 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart> 2008-01-09 18:02:08 6144 --a------ C:\WINDOWS\system32\atiicdxx.sys <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators> 2008-01-09 18:02:06 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component> 2008-01-09 18:02:05 24064 --a------ C:\WINDOWS\system32\ativcoxx.dll <Not Verified; ATI Technologies, Inc.; > 2008-01-09 18:02:05 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface> 2008-01-09 18:02:05 2060288 --a------ C:\WINDOWS\system32\atipuixx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:05 114688 --a------ C:\WINDOWS\system32\atippaxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:05 274432 --a------ C:\WINDOWS\system32\atipdsxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:05 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:05 180224 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component> 2008-01-09 18:02:04 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver> 2008-01-09 18:02:03 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord> 2008-01-09 18:02:03 344064 --a------ C:\WINDOWS\system32\atiptaxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:03 139264 --a------ C:\WINDOWS\system32\atiprbxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:03 61440 --a------ C:\WINDOWS\system32\atiphexx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:03 9535488 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver> 2008-01-09 18:02:03 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager> 2008-01-09 18:02:03 36864 --a------ C:\WINDOWS\system32\atiiprxx.exe 2008-01-09 18:02:03 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities> 2008-01-09 18:02:03 380928 --a------ C:\WINDOWS\system32\atiicdxx.dll <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators> 2008-01-09 18:02:03 368640 --a------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre> 2008-01-09 18:02:03 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family> 2008-01-09 18:02:03 348160 --a------ C:\WINDOWS\system32\aticds10.dll <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators> 2008-01-09 18:02:03 1830912 --a------ C:\WINDOWS\system32\atiadaxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:03 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update> 2008-01-09 18:02:03 495616 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows> 2008-01-09 18:02:03 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows> 2008-01-09 18:02:03 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility> 2008-01-09 18:02:01 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat 2008-01-09 18:02:01 887724 --a------ C:\WINDOWS\system32\ativva6x.dat 2008-01-09 18:02:01 3107788 --a------ C:\WINDOWS\system32\ativva5x.dat 2008-01-09 18:02:01 158080 --a------ C:\WINDOWS\system32\atiicdxx.dat 2008-01-09 17:54:48 0 d-------- C:\Program Files\Driver Cleaner Pro 2008-01-08 18:28:33 0 d-------- C:\Program Files\Microsoft SQL Server 2008-01-08 18:28:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony 2008-01-06 01:15:32 0 dr-h----- C:\Documents and Settings\Owner\Recent 2008-01-06 01:08:05 0 d-------- C:\Documents and Settings\Owner\Application Data\URSoft 2008-01-06 00:12:19 0 d-------- C:\Program Files\Sophos 2008-01-05 18:18:47 0 d-------- C:\Program Files\SpywareBlaster 2008-01-05 14:43:26 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus> 2008-01-05 14:23:48 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-28 18:50:55 0 d-------- C:\Program Files\Ventrilo 2007-12-25 20:17:09 0 d-------- C:\Program Files\iPod 2007-12-25 20:17:03 0 d-------- C:\Program Files\iTunes 2007-12-25 20:15:43 0 d-------- C:\Program Files\Apple Software Update 2007-12-25 20:15:10 0 d-------- C:\Program Files\Common Files\Apple 2007-12-25 20:15:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-12-25 10:13:48 0 d-------- C:\Program Files\Alcohol Soft 2007-12-25 10:11:10 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-25 00:36:36 0 d-------- C:\Documents and Settings\Owner\.housecall6.6 2007-12-21 16:17:57 0 d-------- C:\World of Warcraft 2007-12-21 00:30:53 9619393 --a------ C:\WINDOWS\system32\FHCSECMJTNHSFD 2007-12-21 00:24:00 4 --a------ C:\WINDOWS\system32\0BEBB8 2007-12-21 00:18:47 0 d-------- C:\WINDOWS\system32\drivers\UMDF 2007-12-21 00:17:03 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)> 2007-12-20 23:56:38 0 d-------- C:\Program Files\Best Buy Rhapsody 2007-12-20 23:42:18 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2007-12-20 19:10:29 0 d-------- C:\Program Files\Western Digital 2007-12-20 19:10:13 0 d-------- C:\Program Files\Western Digital Technologies -- Find3M Report --------------------------------------------------------------- 2008-01-10 19:14:55 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent 2008-01-09 18:07:00 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-01-09 1831 0 d-------- C:\Program Files\MultiRes 2008-01-09 18:01:52 0 d-------- C:\Program Files\Radeon Omega Drivers 2008-01-09 18:00:49 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-01-09 17:56:01 0 d-------- C:\Documents and Settings\Owner\Application Data\ATI 2008-01-08 23:27:14 0 d-------- C:\Documents and Settings\Owner\Application Data\FileZilla 2008-01-08 19:10:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Sony 2008-01-08 18:27:26 0 d-------- C:\Program Files\VstPlugins 2008-01-08 18:26:57 0 d-------- C:\Program Files\Sony 2008-01-07 19:57:14 0 d-------- C:\Program Files\Cheat Engine 2008-01-07 19:57:14 0 d-------- C:\Program Files\BandwidthMeterPro 2008-01-07 16:02:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype 2008-01-07 16:02:17 0 d-------- C:\Program Files\mIRC 2008-01-06 02:30:48 0 d-------- C:\Program Files\SmartFTP Client 2008-01-06 01:05:32 0 d-------- C:\Program Files\Eraser 2008-01-05 16:20:04 0 d-------- C:\Program Files\Winamp 2008-01-05 16:01:19 0 d-------- C:\Program Files\PowerISO 2008-01-05 15:39:15 0 d-------- C:\Program Files\Last.fm 2008-01-05 15:15:58 0 d-------- C:\Program Files\FileZilla Client 2008-01-05 15:10:11 0 d-------- C:\Program Files\AIM 2008-01-05 02:08:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe 2008-01-05 0246 0 d-------- C:\Program Files\Common Files\Adobe 2008-01-03 15:30:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Xfire 2007-12-31 01:59:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Hamachi 2007-12-30 16:33:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim 2007-12-28 18:45:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-27 22:13:54 0 d-------- C:\Program Files\DC++ 2007-12-26 00:56:43 0 d-------- C:\Program Files\ICQ 2007-12-25 22:46:14 0 d-------- C:\Program Files\SHOUTcast 2007-12-25 20:16:37 0 d-------- C:\Program Files\QuickTime Alternative 2007-12-25 20:15:10 0 d-------- C:\Program Files\Common Files 2007-12-24 00:00:36 253440 --a------ C:\WINDOWS\system32\ndt2.sys 2007-12-21 16:17:57 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment 2007-12-21 01:13:46 0 d-------- C:\Program Files\Real 2007-12-21 01:12:34 0 d-------- C:\Program Files\Heroes 2007-12-21 01:12:27 0 d-------- C:\Program Files\Doomsday 2007-12-21 00:17:30 0 d-------- C:\Program Files\Common Files\Real 2007-12-21 00:17:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Real 2007-12-20 23:42:16 0 d-------- C:\Program Files\Common Files\InstallShield 2007-12-19 19:03:58 0 d---s---- C:\Program Files\Xfire 2007-12-06 20:28:24 0 d-------- C:\Documents and Settings\Owner\Application Data\foobar2000 2007-12-04 19:04:08 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver> 2007-12-04 18:33:47 1640192 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver> 2007-12-04 18:11:18 499712 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family> 2007-12-02 11:21:29 0 d-------- C:\Program Files\Exact Audio Copy 2007-12-02 11:21:25 0 d-------- C:\Documents and Settings\Owner\Application Data\AccurateRip 2007-11-25 17:05:22 0 d-------- C:\Program Files\GuerillaSoft 2007-11-25 01:18:03 1 --a------ C:\WINDOWS\system32\SI.bin 2007-11-22 13:24:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Mount&Blade 2007-11-16 21:13:50 0 d-------- C:\Program Files\middle_man -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KBD"="C:\HP\KBD\KBD.EXE" [11.02.2003 Ј. 18:02] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13.09.2002 Ј. 20:42] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [11.05.2000 Ј. 01:00] "PS2"="C:\WINDOWS\system32\ps2.exe" [16.10.2002 Ј. 14:57] "QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [11.12.2007 Ј. 10:56] "AtiPTA"="atiptaxx.exe" [21.02.2006 Ј. 17:05 C:\WINDOWS\system32\atiptaxx.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03.08.2004 Ј. 23:56] "AIM"="C:\Program Files\AIM\aim.exe" [18.06.2003 Ј. 12:54] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [10.8.2007 Ј. 00:37:28] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoLowDiskSpaceChecks"=1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk backup=C:\WINDOWS\pss\ WinCinema Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackICE PC Protection.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlackICE PC Protection.lnk backup=C:\WINDOWS\pss\BlackICE PC Protection.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FlexType 2K.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk backup=C:\WINDOWS\pss\FlexType 2K.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.6.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicTune 3.6.lnk backup=C:\WINDOWS\pss\MagicTune 3.6.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ATI Tray Tools.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ATI Tray Tools.lnk backup=C:\WINDOWS\pss\ATI Tray Tools.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^check-ip-changed.bat] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\check-ip-changed.bat backup=C:\WINDOWS\pss\check-ip-changed.batStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BandwidthMeterPro] C:\Program Files\BandwidthMeterPro\BWMeterPro.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp] CTXFIHLP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser] C:\Program Files\Eraser\eraser.exe -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] c:\windows\system\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] "d:\wares-mp3s-games-etc\games\steam\steam.exe" -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "RichVideo"=2 (0x2) "BlackICE"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Eraser"=C:\Program Files\Eraser\eraser.exe -hide [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "razer"=C:\Program Files\Razer\Copperhead\razerhid.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0804dd6-b5fc-11d9-a9fe-806d6172696f}] AutoRun\command- G:\autoplay.exe -- End of Deckard's System Scanner: finished at 2008-01-10 21:11:15 ------------ I closed extra.txt once and on the next scan it didnt pop up. Oops :(