Old 05-02-2007, 04:36 AM   #6 (permalink)
4u111
Re: Unknown problem! please help!

I have done an extra online scan, as you see, called emsi scan.

And here's the Deckard's one:

And thanks for any help :-)

Deckard's System Scanner v20070426.43
Run by Sleiman Hassan on 2007-05-02 at 20:35:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-05-02 20:35:03
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sleiman Hassan\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - \\HIME-C868A76915\ntfolder\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [shdef] C:\WINDOWS\shdef.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...sh/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...19/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: iPod Service - Apple Inc. - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - "C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe"
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB - Sonic Solutions - "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe"
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe


-- Files created between 2007-04-02 and 2007-05-02 -----------------------------

2017-03-25 13:48:03 0 d-------- C:\Program Files\Common Files\HP
2007-05-02 16:59:48 0 d-------- C:\ie-spyad_zo
2007-05-02 16:56:59 0 d-------- C:\Program Files\SpywareBlaster
2007-05-02 15:35:02 47 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-05-02 15:35:01 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-05-02 15:29:58 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-05-02 15:29:51 0 d-------- C:\WINDOWS\LastGood
2007-05-02 14:57:36 0 d-------- C:\Program Files\Lavasoft
2007-05-01 16:15:47 0 d-------- C:\Program Files\Trojancheck 6
2007-04-28 16:01:11 0 d-------- C:\WINDOWS\McAfee.com
2007-04-26 18:11:22 0 d-------- C:\Program Files\XoftSpySE
2007-04-25 08:04:37 7551 --a------ C:\WINDOWS\system32\drivers\U3sHlpDr.sys
2007-04-25 06:21:01 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\My Games
2007-04-23 10:12:19 208229 --a------ C:\WINDOWS\rootkit.dll
2007-04-23 1036 208229 --a------ C:\WINDOWS\shdef.exe
2007-04-23 1021 33920 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-04-23 02:08:45 266240 --a------ C:\WINDOWS\CMIUninstall.exe <Not Verified; ; GeneralUninstall Application>
2007-04-23 02:08:44 225280 --a------ C:\WINDOWS\CmiRmRedundDir.exe <Not Verified; ; CmiRmRedundDir Application>
2007-04-23 02:08:44 28672 --a------ C:\WINDOWS\CMIRmDriver.dll
2007-04-23 02:08:44 0 d-------- C:\Program Files\C-Media 3D Audio
2007-04-23 02:05:37 0 d-------- C:\Program Files\Intel
2007-04-23 02:03:22 0 d-------- C:\WINDOWS\system32\Tools
2007-04-22 21:26:28 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\AVS Video Converter
2007-04-22 21:18:38 0 d-------- C:\Program Files\MagicDVDRipper
2007-04-22 21:10:10 0 d-------- C:\Documents and Settings\All Users\Pegasys Inc
2007-04-22 21:08:55 0 d-------- C:\Documents and Settings\All Users\TMPGEncDVDAuthor3
2007-04-22 21:07:41 53248 --a------ C:\WINDOWS\system32\GenSvcInst.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2007-04-22 21:07:41 33408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD>
2007-04-22 21:07:41 118784 --a------ C:\WINDOWS\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2007-04-22 21:03:31 0 d-------- C:\Program Files\Pegasys Inc
2007-04-22 20:59:56 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Pegasys Inc
2007-04-22 20:30:15 0 d-------- C:\Program Files\AC3Filter
2007-04-22 20:28:41 129024 --a------ C:\WINDOWS\UNWISE.EXE
2007-04-22 20:28:41 0 d-------- C:\audio
2007-04-22 17:21:02 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\DivX
2007-04-22 17:13:26 0 d-------- C:\Program Files\DivX
2007-04-22 17:07:44 0 d-------- C:\Program Files\Xvid
2007-04-22 16:50:38 0 d-------- C:\Program Files\Easy Video Splitter
2007-04-22 03:49:40 0 d-------- C:\Program Files\AVI MPEG Splitter
2007-04-22 03:48:53 0 d-------- C:\Boilsoft ASF Converter
2007-04-20 13:32:42 0 d-------- C:\Program Files\Symbian OS Tools
2007-04-20 13:32:42 0 d-------- C:\Program Files\Common Files\Symbian
2007-04-20 05:31:48 0 d-------- C:\Program Files\vso
2007-04-20 02:59:22 0 d-------- C:\Program Files\Common Files\ATI Technologies
2007-04-20 02:53:11 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\VersionTracker Pro
2007-04-20 02:46:20 0 d-------- C:\Program Files\AviSynth 2.5
2007-04-19 10:05:58 0 d-------- C:\Program Files\dvdSanta
2007-04-19 06:33:31 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2007-04-19 06:33:22 0 d-------- C:\Program Files\TechSmith
2007-04-19 06:32:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-19 02:02:31 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Nokia Multimedia Player
2007-04-18 03:21:23 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Image Zone Express
2007-04-15 09:44:17 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-04-15 07:39:45 0 d-------- C:\Program Files\Sonic
2007-04-15 07:39:27 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-04-15 06:58:48 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
2007-04-15 06:58:47 0 d-------- C:\Documents and Settings\Guest\Application Data\PC Suite
2007-04-15 06:58:41 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2007-04-15 06:58:20 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2007-04-15 06:58:04 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2007-04-15 06:58:04 0 dr-h----- C:\Documents and Settings\Guest\Recent
2007-04-15 06:58:04 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2007-04-15 06:58:04 0 d--h----- C:\Documents and Settings\Guest\NetHood
2007-04-15 06:58:04 0 dr------- C:\Documents and Settings\Guest\My Documents
2007-04-15 06:58:04 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2007-04-15 06:58:04 0 dr------- C:\Documents and Settings\Guest\Favorites
2007-04-15 06:58:04 0 d-------- C:\Documents and Settings\Guest\Desktop
2007-04-15 06:58:04 0 d--hs---- C:\Documents and Settings\Guest\Cookies
2007-04-15 06:58:04 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2007-04-15 06:58:04 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2007-04-15 06:58:03 0 d--h----- C:\Documents and Settings\Guest\Templates
2007-04-15 06:58:03 0 dr------- C:\Documents and Settings\Guest\Start Menu
2007-04-15 06:58:03 786432 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2007-04-14 08:33:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2007-04-11 10:09:11 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Google
2007-04-11 10:08:30 0 d-------- C:\Program Files\Google
2007-04-10 09:39:31 0 d-------- C:\Program Files\GameSpy Arcade
2007-04-08 21:54:22 2634 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-08 21:47:48 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-04-08 20:27:05 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Lavasoft
2007-04-08 17:33:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2007-04-08 17:28:57 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-04-08 17:28:57 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-04-08 17:28:56 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-04-08 17:28:56 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-04-08 17:28:56 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-04-08 17:28:56 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-04-08 17:28:56 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-04-08 17:28:56 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-04-08 17:28:56 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-04-08 17:00:49 0 d-------- C:\Program Files\Common Files\PC Tools
2007-04-08 17:00:42 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-04-08 16:37:24 0 d-------- C:\Program Files\Spyware Doctor
2007-04-08 16:37:24 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\PC Tools
2007-04-05 13:59:49 0 d-------- C:\Downloads
2007-04-05 13:50:42 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-04-05 13:48:51 0 d-------- C:\Program Files\Common Files\PCSuite
2007-04-05 13:48:47 0 d-------- C:\Program Files\Common Files\Nokia
2007-04-05 13:48:20 0 d-------- C:\Program Files\DIFX
2007-04-05 13:48:08 0 d-------- C:\Program Files\PC Connectivity Solution
2007-04-05 13:43:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations


-- Find3M Report ---------------------------------------------------------------

2017-03-25 14:36:54 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Help
2017-03-25 13:25:41 0 d-------- C:\Program Files\HP
2007-05-02 15:51:11 0 d-------- C:\Program Files\iTunes
2007-04-28 17:54:58 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Vso
2007-04-26 20:14:17 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Ahead
2007-04-23 02:04:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-21 11:25:20 0 d-------- C:\Program Files\Java
2007-04-21 04:38:08 0 d-------- C:\Program Files\Nokia
2007-04-20 12:58:17 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\PC Suite
2007-04-20 08:07:46 781 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\NMM-MetaData.db
2007-04-20 05:27:01 0 d-------- C:\Program Files\CloneDVD
2007-04-19 14:41:51 34 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\pcouffin.log
2007-04-19 14:41:46 47360 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-04-19 14:41:46 1144 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\pcouffin.inf
2007-04-19 14:41:46 1074 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\pcouffin.cat
2007-04-15 07:39:47 0 d-------- C:\Program Files\Roxio
2007-04-15 07:39:10 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-04-12 10:46:03 0 d-------- C:\Program Files\MSN Messenger
2007-04-11 10:08:06 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-08 16:33:13 0 d-------- C:\Program Files\MTV Networks
2007-03-31 20:46:42 26 --a------ C:\WINDOWS\system32\kakle.dll
2007-03-31 20:46:38 196608 --a------ C:\WINDOWS\system32\maag.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
2007-03-31 20:46:38 1212416 --a------ C:\WINDOWS\system32\ckll.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
2007-03-31 20:46:38 1245184 --a------ C:\WINDOWS\system32\bkll.dll <Not Verified; NCT Company Ltd.; NCTRMFile ActiveX DLL>
2007-03-31 20:46:37 1986560 --a------ C:\WINDOWS\system32\akll.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2007-03-31 20:46:37 2535424 --a------ C:\WINDOWS\system32\agsaamj.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2007-03-31 20:46:37 90112 --a------ C:\WINDOWS\system32\agsaami.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
2007-03-31 20:46:37 610304 --a------ C:\WINDOWS\system32\agsaamg.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFile3 Module>
2007-03-31 20:46:37 372736 --a------ C:\WINDOWS\system32\agsaamc.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFileWMA3 Module>
2007-03-31 20:46:25 0 d-------- C:\Program Files\Real_SC
2007-03-30 22:00:26 0 d-------- C:\Program Files\Online Services
2007-03-30 18:26:06 0 d-------- C:\Program Files\Windows Media Connect 2
2007-03-30 17:34:55 0 d-------- C:\Program Files\Ahead
2007-03-25 18:08:57 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Adobe
2007-03-25 18:07:51 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-24 04:56:44 0 d-------- C:\Program Files\3D Space Tour
2007-03-22 21:45:33 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-03-22 21:45:33 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\DVDXStudio
2007-03-19 23:30:13 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Apple Computer
2007-03-19 23:28:53 0 d-------- C:\Program Files\iPod
2007-03-19 23:28:23 0 d-------- C:\Program Files\QuickTime
2007-03-19 23:27:33 0 d-------- C:\Program Files\Apple Software Update
2007-03-19 21:54:42 0 d-------- C:\Program Files\Wtm CD Protect
2007-03-18 23:19:52 0 d-------- C:\Program Files\CRS-MegaDev
2007-03-18 22:05:06 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Real
2007-03-18 22:01:34 0 d-------- C:\Program Files\Common Files\xing shared
2007-03-18 22:01:32 0 d-------- C:\Program Files\Common Files\Real
2007-03-18 22:01:16 0 d-------- C:\Program Files\Real
2007-03-18 21:42:26 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Dev-Cpp
2007-03-17 16:31:42 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Leadertech
2007-03-16 16:15:58 0 d-------- C:\Program Files\PowerISO
2007-03-16 11:39:29 0 d-------- C:\Program Files\MSXML 4.0
2007-03-15 16:52:03 0 d-------- C:\Program Files\WinAVIVideoConverter
2007-03-14 16:49:44 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Datalayer
2007-03-14 15:42:36 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\HP
2007-03-14 15:41:05 110045 --a------ C:\WINDOWS\hpoins08.dat
2007-03-14 15:29:57 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-03-14 13:02:57 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Roxio
2007-03-14 01:21:06 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Sun
2007-03-14 01:19:30 0 d-------- C:\Program Files\Common Files\Java
2007-03-13 16:09:44 0 d-------- C:\Program Files\Winamp
2007-03-13 03:53:43 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-13 03:53:41 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-13 03:53:12 62 --ahs---- C:\Documents and Settings\Sleiman Hassan\Application Data\desktop.ini
2007-03-12 23:43:59 0 d-------- C:\Program Files\Microsoft Works
2007-03-12 23:43:49 0 d-------- C:\Program Files\MSBuild
2007-03-12 23:31:16 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-12 23:31:15 0 d-------- C:\Program Files\Nero
2007-03-12 20:26:10 0 d-------- C:\Program Files\ATI Technologies
2007-03-12 20:22:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-12 20:03:49 0 d-------- C:\Program Files\Messenger
2007-03-12 16:58:59 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Macromedia
2007-03-12 16:36:26 0 d-------- C:\Program Files\Trend Micro
2007-03-12 16:27:30 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Identities
2007-03-12 16:08:29 0 d-------- C:\Program Files\microsoft frontpage
2007-03-12 16:07:04 0 d--h----- C:\Program Files\WindowsUpdate
2007-03-12 1606 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-12 16:05:57 0 d-------- C:\Program Files\Movie Maker
2007-03-12 16:05:31 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-12 16:04:37 0 d-------- C:\Program Files\MSN Gaming Zone


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00C6482D-C502-44C8-8409-FCE54AD9C208} C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} \\HIME-C868A76915\ntfolder\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [x]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RegistryMechanic"=""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"icq lite"="C:\\WINDOWS\\scvhost.exe"
"Update Checker"="C:\\WINDOWS\\scvhost.exe"
"AntiVir"="C:\\WINDOWS\\scvhost.exe"
@="C:\\WINDOWS\\scvhost.exe"
"shdef"="C:\\WINDOWS\\shdef.exe"
"Windows Update"="C:\\WINDOWS\\scvhost.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"msconfig"="C:\\WINDOWS\\scvhost.exe"
"icq lite"="C:\\WINDOWS\\scvhost.exe"
"Update Checker"="C:\\WINDOWS\\scvhost.exe"
"AntiVir"="C:\\WINDOWS\\scvhost.exe"
@="C:\\WINDOWS\\scvhost.exe"
"Windows Update"="C:\\WINDOWS\\scvhost.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Nokia.PCSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-05-02 at 20:35:38 ---------
__________________
1010011 1101101 1101001 1101100 1100101

Last edited by Ried; 05-02-2007 at 06:41 AM.