Sorry about that, I didn't know the program kept logs. Here is the original:
--------------------
Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-10 21

51
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
45: 2008-01-11 05

56 UTC - RP916 - Deckard's System Scanner Restore Point
44: 2008-01-11 03:00:30 UTC - RP915 - Ad-Aware Restore Point 2008-01-10 19:00:24
43: 2008-01-10 23:50:27 UTC - RP914 - Installed AVG 7.5
42: 2008-01-10 23:48:45 UTC - RP913 - Removed AVG 7.5
41: 2008-01-10 01:56:55 UTC - RP912 - Removed ATI Catalyst Control Center
-- First Restore Point --
1: 2007-12-21 06:11:41 UTC - RP872 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:29, on 10.1.2008 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Last.fm\LastFmHelper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\system32\dumprep.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.204.143.153:6588
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.safety.live.com/reso...scbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/micr...?1187647958218
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/micr...?1187647921421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) -
http://messenger.zone.msn.com/binary...t.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B9F30C-35BA-4A5C-9214-6EA033243EDA}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PDK Debug Listener (pdkdebug) - ActiveState - C:\Program Files\ActiveState Perl Dev Kit 6.0\bin\pdkdebug.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (file missing)
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
--
End of file - 8584 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - "regedit.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver>
R0 PQV2i - c:\windows\system32\drivers\pqv2i.sys <Not Verified; StorageCraft; V2i Protector>
R1 atitray - c:\program files\ngoatiod172\att\atitray.sys
R1 MagicTune - c:\windows\system32\drivers\mtictwl.sys
R1 PQIMount - c:\windows\system32\drivers\pqimount.sys <Not Verified; PowerQuest Corporation; V2i Protector>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 truecrypt - c:\windows\system32\drivers\truecrypt.sys <Not Verified; TrueCrypt Foundation; TrueCrypt>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R4 Avg7RsW (AVG7 Wrap Driver) - c:\windows\system32\drivers\avg7rsw.sys (file missing)
S2 zntport (NTPort Library Driver) - c:\windows\system32\zntport.sys (file missing)
S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcxwdm.sys (file missing)
S3 HWACCESS - c:\windows\system32\hwaccess.sys
S3 MEMSWEEP2 - c:\windows\system32\45f5.tmp (file missing)
S3 ProtoWall (ProtoWall Network Service) - c:\windows\system32\drivers\protowall.sys (file missing)
S3 RapDrv - c:\windows\system32\drivers\rapdrv.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S3 RapFile - c:\windows\system32\drivers\rapfile.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S3 RapNet - c:\windows\system32\drivers\rapnet.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S3 Razerlow (Razer Copperhead Driver) - c:\windows\system32\drivers\razerlow.sys <Not Verified; Razer (Asia-Pacific) Pte Ltd; Diamondback USB Optical Mouse>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 UfasoftSnifDriver4 (Ufasoft Snif Driver v4) - c:\program files\ufasoft\sniffer\usft_sn4.sys (file missing)
S3 UKS11LDR (M-Audio USB Keystation Loader) - c:\windows\system32\drivers\uks11ldr.sys <Not Verified; MIDIMAN; Midiman USB Keystation Loader>
S3 USBKT1X1 (M-Audio USB Keystation) - c:\windows\system32\drivers\usbkt1x1.sys <Not Verified; Doug Fetter Software Wizardry; Midiman USB Keystation Midi Interface>
S3 XDva013 - c:\windows\system32\xdva013.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 BOCore - c:\program files\comodo\cboclean\bocore.exe <Not Verified; COMODO; COMODO BOClean - Anti-Malware>
S2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
S2 pdkdebug (PDK Debug Listener) - "c:\program files\activestate perl dev kit 6.0\bin\pdkdebug.exe" <Not Verified; ActiveState; Perl Dev Kit>
S2 perfmons (perfmons Service) - c:\windows\system32\perfs.exe (file missing)
S2 PRTGService (PRTG Service - Paessler Router Traffic Grapher) - c:\program files\prtg traffic grapher\prtg traffic grapher.exe (file missing)
S2 Routing (Routing Service) - c:\windows\system32\routing.exe (file missing)
S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2004\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>
S4 BlackICE - "c:\program files\iss\blackice\blackd.exe" <Not Verified; Internet Security Systems, Inc.; Network ICE Corporation blackd>
S4 RapApp - "c:\program files\iss\blackice\rapapp.exe" <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\E0180027FDC3
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\E0180027FDC3
Service: NIC1394
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
-- Scheduled Tasks -------------------------------------------------------------
2008-01-05 19:05:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-01-04 17:16:42 394 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2007-12-10 and 2008-01-10 -----------------------------
2008-01-10 21:05:46 0 d-------- C:\Program Files\Trend Micro
2008-01-10 15:50:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-09 18:08:45 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-01-09 18:02:08 6144 --a------ C:\WINDOWS\system32\atiicdxx.sys <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
2008-01-09 18:02:06 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-09 18:02:05 24064 --a------ C:\WINDOWS\system32\ativcoxx.dll <Not Verified; ATI Technologies, Inc.; >
2008-01-09 18:02:05 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-09 18:02:05 2060288 --a------ C:\WINDOWS\system32\atipuixx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:05 114688 --a------ C:\WINDOWS\system32\atippaxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:05 274432 --a------ C:\WINDOWS\system32\atipdsxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:05 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:05 180224 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-09 18:02:04 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-09 18:02:03 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-09 18:02:03 344064 --a------ C:\WINDOWS\system32\atiptaxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:03 139264 --a------ C:\WINDOWS\system32\atiprbxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:03 61440 --a------ C:\WINDOWS\system32\atiphexx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:03 9535488 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-09 18:02:03 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-09 18:02:03 36864 --a------ C:\WINDOWS\system32\atiiprxx.exe
2008-01-09 18:02:03 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-01-09 18:02:03 380928 --a------ C:\WINDOWS\system32\atiicdxx.dll <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
2008-01-09 18:02:03 368640 --a------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-01-09 18:02:03 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-09 18:02:03 348160 --a------ C:\WINDOWS\system32\aticds10.dll <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
2008-01-09 18:02:03 1830912 --a------ C:\WINDOWS\system32\atiadaxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-09 18:02:03 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-09 18:02:03 495616 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-09 18:02:03 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-09 18:02:03 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-09 18:02:01 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-01-09 18:02:01 887724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-01-09 18:02:01 3107788 --a------ C:\WINDOWS\system32\ativva5x.dat
2008-01-09 18:02:01 158080 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-01-09 17:54:48 0 d-------- C:\Program Files\Driver Cleaner Pro
2008-01-08 18:28:33 0 d-------- C:\Program Files\Microsoft SQL Server
2008-01-08 18:28:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-01-06 01:15:32 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-01-06 01:08:05 0 d-------- C:\Documents and Settings\Owner\Application Data\URSoft
2008-01-06 00:12:19 0 d-------- C:\Program Files\Sophos
2008-01-05 18:18:47 0 d-------- C:\Program Files\SpywareBlaster
2008-01-05 14:43:26 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-05 14:23:48 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-28 18:50:55 0 d-------- C:\Program Files\Ventrilo
2007-12-25 20:17:09 0 d-------- C:\Program Files\iPod
2007-12-25 20:17:03 0 d-------- C:\Program Files\iTunes
2007-12-25 20:15:43 0 d-------- C:\Program Files\Apple Software Update
2007-12-25 20:15:10 0 d-------- C:\Program Files\Common Files\Apple
2007-12-25 20:15:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 10:13:48 0 d-------- C:\Program Files\Alcohol Soft
2007-12-25 10:11:10 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-25 00:36:36 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2007-12-21 16:17:57 0 d-------- C:\World of Warcraft
2007-12-21 00:30:53 9619393 --a------ C:\WINDOWS\system32\FHCSECMJTNHSFD
2007-12-21 00:24:00 4 --a------ C:\WINDOWS\system32\0BEBB8
2007-12-21 00:18:47 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-21 00:17:03 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
2007-12-20 23:56:38 0 d-------- C:\Program Files\Best Buy Rhapsody
2007-12-20 23:42:18 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-20 19:10:29 0 d-------- C:\Program Files\Western Digital
2007-12-20 19:10:13 0 d-------- C:\Program Files\Western Digital Technologies
-- Find3M Report ---------------------------------------------------------------
2008-01-10 19:14:55 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-01-09 18:07:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-09 18

31 0 d-------- C:\Program Files\MultiRes
2008-01-09 18:01:52 0 d-------- C:\Program Files\Radeon Omega Drivers
2008-01-09 18:00:49 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-09 17:56:01 0 d-------- C:\Documents and Settings\Owner\Application Data\ATI
2008-01-08 23:27:14 0 d-------- C:\Documents and Settings\Owner\Application Data\FileZilla
2008-01-08 19:10:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Sony
2008-01-08 18:27:26 0 d-------- C:\Program Files\VstPlugins
2008-01-08 18:26:57 0 d-------- C:\Program Files\Sony
2008-01-07 19:57:14 0 d-------- C:\Program Files\Cheat Engine
2008-01-07 19:57:14 0 d-------- C:\Program Files\BandwidthMeterPro
2008-01-07 16:02:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-01-07 16:02:17 0 d-------- C:\Program Files\mIRC
2008-01-06 02:30:48 0 d-------- C:\Program Files\SmartFTP Client
2008-01-06 01:05:32 0 d-------- C:\Program Files\Eraser
2008-01-05 16:20:04 0 d-------- C:\Program Files\Winamp
2008-01-05 16:01:19 0 d-------- C:\Program Files\PowerISO
2008-01-05 15:39:15 0 d-------- C:\Program Files\Last.fm
2008-01-05 15:15:58 0 d-------- C:\Program Files\FileZilla Client
2008-01-05 15:10:11 0 d-------- C:\Program Files\AIM
2008-01-05 02:08:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-01-05 02

46 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-03 15:30:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Xfire
2007-12-31 01:59:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2007-12-30 16:33:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim
2007-12-28 18:45:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-27 22:13:54 0 d-------- C:\Program Files\DC++
2007-12-26 00:56:43 0 d-------- C:\Program Files\ICQ
2007-12-25 22:46:14 0 d-------- C:\Program Files\SHOUTcast
2007-12-25 20:16:37 0 d-------- C:\Program Files\QuickTime Alternative
2007-12-25 20:15:10 0 d-------- C:\Program Files\Common Files
2007-12-24 00:00:36 253440 --a------ C:\WINDOWS\system32\ndt2.sys
2007-12-21 16:17:57 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-12-21 01:13:46 0 d-------- C:\Program Files\Real
2007-12-21 01:12:34 0 d-------- C:\Program Files\Heroes
2007-12-21 01:12:27 0 d-------- C:\Program Files\Doomsday
2007-12-21 00:17:30 0 d-------- C:\Program Files\Common Files\Real
2007-12-21 00:17:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2007-12-20 23:42:16 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-19 19:03:58 0 d---s---- C:\Program Files\Xfire
2007-12-06 20:28:24 0 d-------- C:\Documents and Settings\Owner\Application Data\foobar2000
2007-12-04 19:04:08 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2007-12-04 18:33:47 1640192 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2007-12-04 18:11:18 499712 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-12-02 11:21:29 0 d-------- C:\Program Files\Exact Audio Copy
2007-12-02 11:21:25 0 d-------- C:\Documents and Settings\Owner\Application Data\AccurateRip
2007-11-25 17:05:22 0 d-------- C:\Program Files\GuerillaSoft
2007-11-25 01:18:03 1 --a------ C:\WINDOWS\system32\SI.bin
2007-11-22 13:24:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Mount&Blade
2007-11-16 21:13:50 0 d-------- C:\Program Files\middle_man
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [11.02.2003 г. 18:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13.09.2002 г. 20:42]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [11.05.2000 г. 01:00]
"PS2"="C:\WINDOWS\system32\ps2.exe" [16.10.2002 г. 14:57]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [11.12.2007 г. 10:56]
"AtiPTA"="atiptaxx.exe" [21.02.2006 г. 17:05 C:\WINDOWS\system32\atiptaxx.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03.08.2004 г. 23:56]
"AIM"="C:\Program Files\AIM\aim.exe" [18.06.2003 г. 12:54]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [10.8.2007 г. 00:37:28]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=C:\WINDOWS\pss\ WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackICE PC Protection.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlackICE PC Protection.lnk
backup=C:\WINDOWS\pss\BlackICE PC Protection.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FlexType 2K.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk
backup=C:\WINDOWS\pss\FlexType 2K.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.6.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicTune 3.6.lnk
backup=C:\WINDOWS\pss\MagicTune 3.6.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ATI Tray Tools.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ATI Tray Tools.lnk
backup=C:\WINDOWS\pss\ATI Tray Tools.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^check-ip-changed.bat]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\check-ip-changed.bat
backup=C:\WINDOWS\pss\check-ip-changed.batStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BandwidthMeterPro]
C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425]
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\Program Files\Eraser\eraser.exe -hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
C:\PROGRA~1\ICQ\ICQNet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"d:\wares-mp3s-games-etc\games\steam\steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
"C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"BlackICE"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Eraser"=C:\Program Files\Eraser\eraser.exe -hide
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"razer"=C:\Program Files\Razer\Copperhead\razerhid.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0804dd6-b5fc-11d9-a9fe-806d6172696f}]
AutoRun\command- G:\autoplay.exe
-- End of Deckard's System Scanner: finished at 2008-01-10 21:09:24 ------------