Hi Reid,
Sorry! I've thought that I posted the right one
Thanks for helping!
Here's the main.txt
Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-23 18:51:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-23 18:51:19
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.ADMIN-CDB184AE0\Desktop\dss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) -
http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) -
http://appdirectory.messenger.msn.co...p/DigWXMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{1A8B0DF8-3849-4F73-AE9D-8B775E4EA43A}: NameServer = 165.21.83.88 165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
--
End of file - 8323 bytes
-- Files created between 2007-12-23 and 2008-01-23 -----------------------------
2008-01-22 16:38:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-01-22 16:37:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 17:47:48 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-14 17:28:03 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-13 16:45:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Macrovision
2008-01-13 16:44:20 0 d-------- C:\Program Files\Common Files\Macromedia Shared
2008-01-13 16:44:19 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
2008-01-12 13:11:06 0 dr-h----- C:\$VAULT$.AVG
2008-01-12 13:10:24 0 d-------- C:\Documents and Settings\Owner.ADMIN-CDB184AE0\Application Data\AVG7
2008-01-12 13:10:14 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2008-01-12 13:09:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-01-12 13:09:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2008-01-12 13:07:22 86144 --a------ C:\WINDOWS\system32\drivers\wmilibb.sys
-- Find3M Report ---------------------------------------------------------------
2008-01-23 18:48:55 0 d-------- C:\Documents and Settings\Owner.ADMIN-CDB184AE0\Application Data\Skype
2008-01-23 18:46:07 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000C-00001102-00000004-00521102}.dat
2008-01-23 18:46:07 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000C-00001102-00000004-00521102}.dat
2008-01-22 16:38:12 0 d-------- C:\Program Files\Lavasoft
2008-01-22 16:37:46 0 d-------- C:\Program Files\Common Files
2008-01-20 02:20:28 0 d-------- C:\Documents and Settings\Owner.ADMIN-CDB184AE0\Application Data\LimeWire
2008-01-14 18:40:06 0 d-------- C:\Program Files\PowerISO
2008-01-14 18:39:54 0 d-------- C:\Program Files\MSN Messenger
2008-01-14 18:39:01 0 d-------- C:\Program Files\MagicISO
2008-01-14 18:37:35 0 d-------- C:\Program Files\iTunes
2008-01-14 18:27:22 0 d-------- C:\Program Files\Bonjour
2008-01-13 16:44:59 0 d-------- C:\Documents and Settings\Owner.ADMIN-CDB184AE0\Application Data\Macromedia
2008-01-13 16:44:03 0 d-------- C:\Program Files\Macromedia
2008-01-13 16:44:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-11 21:56:15 0 d-------- C:\Documents and Settings\Owner.ADMIN-CDB184AE0\Application Data\dvdcss
2008-01-11 17:27:33 54272 -r-hs---- C:\WINDOWS\system32\amvo0.dll
2008-01-04 02:21:49 0 d-------- C:\Program Files\New Folder
2007-12-18 00:20:12 0 d-------- C:\Documents and Settings\Owner.ADMIN-CDB184AE0\Application Data\vlc
2007-12-18 00:04:32 0 d-------- C:\Program Files\VideoLAN
2007-11-29 14:20:34 0 d-------- C:\Program Files\LimeWire
2007-11-27 20:56:49 0 d-------- C:\Program Files\BitComet
2007-11-20 21:10:52 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [10/16/2006 02:49 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [06/14/2005 08:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [06/14/2005 08:00 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/12/2003 09:10 PM]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [12/26/2001 02:00 AM]
"WINDVDPatch"="CTHELPER.EXE" [07/02/2002 05:56 PM C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [11/29/2001 01:00 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 03:48 AM]
"AME_CSA"="amecsa.cpl" [01/30/2003 11:46 AM C:\WINDOWS\system32\AmeCSA.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/12/2008 01:09 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 01:04 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/07/2007 10:32 AM]
C:\Documents and Settings\Owner.ADMIN-CDB184AE0\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [5/30/2006 3:24:43 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01ced8a0-958e-11dc-9dbe-00c0a8a3a3b3}]
AutoRun\command- G:\ntde1ect.com
explore\Command- G:\ntde1ect.com
open\Command- G:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10782efe-6793-11dc-9d5c-00c0a8a3a3b3}]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10782eff-6793-11dc-9d5c-00c0a8a3a3b3}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- H:\Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3448f078-6c0c-11dc-9d6a-00c0a8a3a3b3}]
AutoRun\command- ntde1ect.com
explore\Command- ntde1ect.com
open\Command- ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3448f079-6c0c-11dc-9d6a-00c0a8a3a3b3}]
AutoRun\command- ntde1ect.com
explore\Command- ntde1ect.com
open\Command- ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3448f07a-6c0c-11dc-9d6a-00c0a8a3a3b3}]
AutoRun\command- ntde1ect.com
explore\Command- ntde1ect.com
open\Command- ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ce336be-5ccb-11dc-9d48-00c0a8a3a3b3}]
AutoRun\command- G:\ntde1ect.com
explore\Command- G:\ntde1ect.com
open\Command- G:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{701210b4-7fb5-11dc-9d91-00c0a8a3a3b3}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- G:\Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cee495da-3443-11dc-9d01-00c0a8a3a3b3}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- G:\Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfc1e8c8-004d-11dc-9c6c-00c0a8a3a3b3}]
AutoRun\command- H:\ntde1ect.com
explore\Command- H:\ntde1ect.com
open\Command- H:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfc1e8c9-004d-11dc-9c6c-00c0a8a3a3b3}]
AutoRun\command- I:\ntde1ect.com
explore\Command- I:\ntde1ect.com
open\Command- I:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb98060c-9d03-11dc-9dcd-00c0a8a3a3b3}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- G:\Recycled\ctfmon.exe
-- End of Deckard's System Scanner: finished at 2008-01-23 18:51:41 ------------