01-18-2008, 05:24 AM   #3
falkriz
Registered User
 
Join Date: Jan 2008
Posts: 9
OS: Windows XP, SP2


Re: Pop-ups when starting IE or Firefox

Yes, I still need help. Thank you for replying.
Here are the new logs:

MAIN.TXT


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-01-18 14:17:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2008-01-18 12:18:02 UTC - RP12 - Deckard's System Scanner Restore Point
11: 2008-01-17 17:05:59 UTC - RP11 - Installed ATI Catalyst Control Center
10: 2008-01-16 20:39:04 UTC - RP10 - Software Distribution Service 3.0
9: 2008-01-16 18:27:04 UTC - RP9 - Installed Adobe Photoshop CS2
8: 2008-01-16 14:05:57 UTC - RP8 - Installed Call of Duty(R) 4 - Modern Warfare(TM)


-- First Restore Point --
1: 2008-01-14 20:30:47 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:18:23, on 18.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6465 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080112-151224-905 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 atitray - c:\program files\ray adams\ati tray tools\atitray.sys
R1 LHidKEE - c:\windows\system32\drivers\lhidkee.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 FXDrv32 - e:\fxdrv32.sys (file missing)
S3 LHidUsbK (Logitech SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys <Not Verified; Logitech, Inc.; Logitech SetPoint(TM)>
S3 LMouKE (Logitech SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-11 20:49:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-18 and 2008-01-18 -----------------------------

2008-01-17 19:10:43 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-01-17 19:10:16 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-16 20:28:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-16 20:27:59 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-16 19:43:52 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-16 18:48:53 0 d-------- C:\Program Files\PowerISO
2008-01-16 16:13:55 0 d-------- C:\WINDOWS\system32\LogFiles
2008-01-16 1643 0 d-------- C:\Program Files\Activision
2008-01-16 16:05:30 0 d--hs---- C:\WINDOWS\ftpcache
2008-01-16 15:44:01 0 d-------- C:\WINDOWS\%DownloadedProgramFiles%
2008-01-15 09:40:41 0 d-------- C:\Program Files\Common Files\NSV
2008-01-14 21:48:59 2392 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-14 21:19:19 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-01-14 21:19:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2008-01-14 21:17:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-14 21:17:55 0 d-------- C:\Program Files\Common Files\Logishrd
2008-01-14 21:17:51 0 d-------- C:\Program Files\Logitech
2008-01-14 21:07:46 0 d---s---- C:\Documents and Settings\Administrator\Recent
2008-01-14 21:01:10 0 d-------- C:\Program Files\Winamp
2008-01-14 21:01:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
2008-01-14 16:32:43 0 d-------- C:\Program Files\game
2008-01-13 22:11:30 0 d-------- C:\WINDOWS\ERUNT
2008-01-13 21:58:44 0 d-------- C:\WINDOWS\system32\appmgmt
2008-01-13 20:51:26 0 d-------- C:\WINDOWS\CSC
2008-01-13 20:34:28 0 d-------- C:\Program Files\MoveOnBoot
2008-01-13 20:34:28 0 d-------- C:\Program Files\Common Files\Gibinsoft Shared
2008-01-13 20:18:58 0 d-------- C:\WINDOWS\BDOSCAN8
2008-01-13 14:05:08 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-13 02:34:26 0 d-------- C:\Program Files\Bethesda Softworks
2008-01-13 01:38:11 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-01-13 00:58:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Styler
2008-01-13 00:57:37 0 d-------- C:\Program Files\Styler
2008-01-13 00:44:28 0 d-------- C:\Program Files\Common Files\Stardock
2008-01-13 00:31:25 0 d-------- C:\VISTA PACK 2
2008-01-13 00:17:58 0 d-------- C:\Program Files\Stardock
2008-01-12 23:22:10 0 d-------- C:\Program Files\Driver Cleaner Pro
2008-01-12 20:38:03 0 d-------- C:\Program Files\Steam
2008-01-12 14:15:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-01-12 14:15:15 0 d-------- C:\Program Files\Uniblue
2008-01-12 13:25:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 13:21:35 0 d-------- C:\Program Files\Ares
2008-01-12 13:20:04 0 d-------- C:\Program Files\Trend Micro
2008-01-12 13:16:35 2855 --a------ C:\WINDOWS\system32\mem.PIF
2008-01-12 13:16:35 0 d--h----- C:\WINDOWS\PIF
2008-01-12 12:19:27 0 d-------- C:\Program Files\Lavasoft
2008-01-12 12:19:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-12 11:45:11 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 11:44:45 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-12 11:44:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-12 11:44:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 11:38:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-12 11:30:55 0 d-------- C:\Program Files\SystemRequirementsLab
2008-01-12 11:30:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2008-01-12 11:30:41 0 d-------- C:\WINDOWS\Sun
2008-01-12 11:29:05 0 d-------- C:\Program Files\Java
2008-01-12 11:29:03 0 d-------- C:\Program Files\Common Files\Java
2008-01-12 11:28:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-01-11 22:50:22 0 d-------- C:\Program Files\CCleaner
2008-01-11 22:45:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Launchy
2008-01-11 22:45:44 0 d-------- C:\Program Files\Launchy
2008-01-11 22:34:53 0 d-------- C:\OC Programmid
2008-01-11 22:32:00 0 d-------- C:\Program Files\FOXCONN
2008-01-11 21:41:22 0 d-------- C:\WINDOWS\system32\PreInstall
2008-01-11 20:49:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-11 20:49:47 0 d-------- C:\Program Files\iPod
2008-01-11 20:49:44 0 d-------- C:\Program Files\iTunes
2008-01-11 20:49:16 0 d-------- C:\Program Files\QuickTime
2008-01-11 20:49:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-11 20:49:04 0 d-------- C:\Program Files\Apple Software Update
2008-01-11 20:48:34 0 d-------- C:\Program Files\Common Files\Apple
2008-01-11 20:48:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-11 20:43:23 86144 --a------ C:\WINDOWS\system32\drivers\LHidKEE.sys
2008-01-11 20:43:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\BSplayer PRO
2008-01-11 20:43:10 0 d-------- C:\Program Files\Webteh
2008-01-11 20:36:15 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-01-11 20:36:08 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-01-11 20:36:07 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-01-11 20:23:45 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-01-11 20:22:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\ESET
2008-01-11 20:21:26 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-11 20:00:54 0 d-------- C:\WINDOWS\system32\Futuremark
2008-01-11 20:00:54 3972 -----n--- C:\WINDOWS\system32\drivers\PciBus.sys
2008-01-11 20:00:54 21664 --a------ C:\WINDOWS\system32\drivers\Entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
2008-01-11 20:00:20 0 d-------- C:\Program Files\Futuremark
2008-01-11 19:52:59 0 d-------- C:\Program Files\Lavalys
2008-01-11 19:48:20 0 d-------- C:\WINDOWS\RegisteredPackages
2008-01-11 19:47:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-01-11 19:43:35 0 d-------- C:\Program Files\uTorrent
2008-01-11 19:43:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-01-11 19:38:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\atitray
2008-01-11 19:38:07 0 d-------- C:\Program Files\Ray Adams
2008-01-11 19:23:30 0 d-------- C:\Downloads
2008-01-11 19:19:55 0 d--h----- C:\WINDOWS\$hf_mig$
2008-01-11 19:18:47 0 d-------- C:\WINDOWS\system32\RTCOM
2008-01-11 19:18:13 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-01-11 19:15:48 0 d-------- C:\WINDOWS\system32\xircom
2008-01-11 19:15:47 0 d-------- C:\Program Files\microsoft frontpage
2008-01-11 19:15:18 0 d-------- C:\WINDOWS\Prefetch
2008-01-11 19:10:17 0 d-------- C:\WINDOWS\ServicePackFiles
2008-01-11 18:36:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-11 18:33:00 36608 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys <Not Verified; Logitech, Inc.; Logitech SetPoint(TM)>
2008-01-11 18:23:47 0 d-------- C:\Program Files\Messenger Plus! Live
2008-01-11 18:19:25 0 d-------- C:\Documents and Settings\Administrator\Contacts
2008-01-11 18:17:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-01-11 18:16:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-11 1833 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-11 1803 0 d-------- C:\WINDOWS\SHELLNEW
2008-01-11 18:05:53 0 d-------- C:\Program Files\Microsoft.NET
2008-01-11 18:04:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2008-01-11 18:03:40 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-11 18:03:13 0 d-------- C:\Program Files\Windows Live
2008-01-11 18:03:06 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-11 18:02:53 0 d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-01-11 18:02:27 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-01-11 18:00:21 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-11 17:55:02 0 d--hs---- C:\WINDOWS\Installer
2008-01-11 17:55:01 0 d-------- C:\Program Files\Common Files\ODBC
2008-01-11 17:54:55 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-01-11 17:54:54 0 dr------- C:\Program Files
2008-01-11 17:54:54 0 d-------- C:\Program Files\Common Files
2008-01-11 17:54:12 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-01-11 17:54:12 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-01-11 17:54:12 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-01-11 17:54:12 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-01-11 17:54:12 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-01-11 17:54:12 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-01-11 17:54:12 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-01-11 17:54:12 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-01-11 17:54:12 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-01-11 17:54:12 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-01-11 17:54:12 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-01-11 17:54:12 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-01-11 17:54:12 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-01-11 17:54:12 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-01-11 17:54:12 0 dr------- C:\Documents and Settings\All Users\Documents
2008-01-11 17:54:12 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-01-11 17:53:57 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-01-11 17:53:57 0 d-------- C:\WINDOWS\system32\CatRoot
2008-01-11 17:53:52 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-01-11 17:53:52 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-01-11 17:53:52 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-01-11 17:53:52 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-01-11 17:53:19 0 d--hs---- C:\System Volume Information
2008-01-11 17:53:19 0 d-------- C:\Documents and Settings
2008-01-11 17:47:01 0 d-------- C:\WINDOWS
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\WinSxS
2008-01-11 17:47:01 0 dr------- C:\WINDOWS\Web
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\twain_32
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\wins
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\wbem
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\usmt
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\spool
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\ShellExt
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\Setup
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\ras
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\oobe
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\npp
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\mui
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\inetsrv
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\IME
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\icsxml
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\ias
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\export
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\drivers
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-01-11 17:47:01 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\dhcp
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\config
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\3076
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\2052
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\1054
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\1042
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\1041
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\1037
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\1033
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\1031
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\1028
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system32\1025
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\system
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\security
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\Resources
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\repair
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\Provisioning
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\PeerNet
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\pchealth
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\mui
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\msapps
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\msagent
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\Media
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\java
2008-01-11 17:47:01 0 d--h----- C:\WINDOWS\inf
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\ime
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\Help
2008-01-11 17:47:01 0 dr--s---- C:\WINDOWS\Fonts
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\ehome
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\Driver Cache
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\Debug
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\Cursors
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\Connection Wizard
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\Config
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\AppPatch
2008-01-11 17:47:01 0 d-------- C:\WINDOWS\addins
2008-01-11 17:12:28 0 d-------- C:\WINDOWS\system32\Lang
2008-01-11 17:11:25 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-01-11 17:11:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-01-11 17:10:30 0 d-------- C:\Program Files\AMD
2008-01-11 16:51:26 0 d-------- C:\WINDOWS\Downloaded Installations
2008-01-11 16:46:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-01-11 16:46:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-01-11 16:46:49 1279 --a------ C:\WINDOWS\mozver.dat
2008-01-11 16:45:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-11 16:45:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-11 16:45:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-01-11 16:33:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-01-11 16:31:15 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-01-11 16:15:35 0 d-------- C:\WINDOWS\OPTIONS
2008-01-11 16:13:53 0 d-------- C:\Program Files\Realtek
2008-01-11 16:13:08 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-01-11 16:12:55 0 d-------- C:\Program Files\ATI Technologies
2008-01-11 16:12:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-11 16:12:20 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-11 16:12:10 0 d-------- C:\ATI
2008-01-11 16:08:59 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-01-11 16:07:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-01-11 16:07:14 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-11 16:07:14 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-11 16:07:14 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-11 16:07:14 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-11 16:07:14 2883584 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-11 16:07:14 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-11 16:07:14 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-01-11 16:07:14 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-11 16:07:14 0 d---s---- C:\Documents and Settings\Administrator\Favorites
2008-01-11 16:07:14 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-11 16:07:14 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-01-11 16:07:14 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-11 16:07:07 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-01-11 1659 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-01-11 1658 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-01-11 1658 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-01-11 1658 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-01-11 1658 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-01-11 1658 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-01-11 1654 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-01-11 1654 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-01-11 1654 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-01-11 1654 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-01-11 1654 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-01-11 1603 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-01-11 16:05:57 0 -rahs---- C:\MSDOS.SYS
2008-01-11 16:05:57 0 -rahs---- C:\IO.SYS
2008-01-11 16:05:57 0 --a------ C:\CONFIG.SYS
2008-01-11 16:05:57 0 --a------ C:\AUTOEXEC.BAT
2008-01-11 16:04:57 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-01-11 16:04:49 0 dr------- C:\WINDOWS\Offline Web Pages
2008-01-11 16:04:49 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-01-11 16:04:41 0 d--h----- C:\Program Files\WindowsUpdate
2008-01-11 16:04:16 0 d-------- C:\WINDOWS\system32\DirectX
2008-01-11 16:03:26 0 d---s---- C:\WINDOWS\Tasks
2008-01-11 16:03:25 0 d-------- C:\Program Files\Common Files\MSSoap
2008-01-11 16:03:20 0 d-------- C:\WINDOWS\srchasst
2008-01-11 16:03:19 0 d-------- C:\WINDOWS\system32\Macromed
2008-01-11 16:03:08 0 d-------- C:\Program Files\Movie Maker
2008-01-11 16:02:57 0 d-------- C:\WINDOWS\system32\Restore
2008-01-11 16:02:17 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-11 16:02:03 0 d-------- C:\WINDOWS\Registration
2008-01-11 16:01:56 0 d-------- C:\Program Files\Online Services
2008-01-11 16:01:50 0 d-------- C:\Program Files\Messenger
2008-01-11 16:01:44 0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-11 16:00:52 0 d-------- C:\Program Files\Windows NT
2008-01-11 16:00:48 0 d-------- C:\WINDOWS\system32\MsDtc
2008-01-11 16:00:46 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-01-11 17:54:12 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2007-10-25 10:26:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-20 20:17:08 39424 --a------ C:\WINDOWS\runtime.exe <Not Verified; NirSoft; IE PassView>
2007-10-19 19:43:58 491520 --a------ C:\WINDOWS\dependencies.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [23.07.2007 11:06]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10.10.2007 19:51]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [21.09.2007 03:10 C:\WINDOWS\KHALMNPR.Exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [21.12.2007 08:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11.12.2007 10:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11.12.2007 12:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]
"RTHDCPL"="RTHDCPL.EXE" [20.12.2007 16:47 C:\WINDOWS\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [21.09.2007 03:10 C:\WINDOWS\KHALMNPR.Exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10.11.2006 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [22.05.2007 11:04]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13.10.2004 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03.08.2004 23:56]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16.03.2005 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [11.01.2008 22:45:44]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [14.01.2008 21:18:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19.04.2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 15.11.2007 10:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-01-18 14:19:13 ------------
Attached file: extra.txt (13.2 KB)