06-27-2007, 09:01 AM   #12
Niazcro
Registered User
 
Join Date: Jun 2007
Posts: 8
OS: WinXP


Re: CPU Usage 100% when online

Deckard's System Scanner v20070611.50
Run by Teka on 2007-06-27 at 17:02:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Teka.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 17:02:29, on 27.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Teka\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Teka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tportal.hr/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: T-Com - {640D51F7-EA3D-4F9A-A3A2-F803112C2C74} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tportal.hr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F6F78B7-0E69-40CF-80E6-86A10019C6AC}: NameServer = 195.29.150.3 195.29.150.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


-- Files created between 2007-05-27 and 2007-06-27 -----------------------------

2007-06-27 13:03:27 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-27 13:03:25 0 d-------- C:\WINDOWS\LastGood
2007-06-27 12:58:38 0 d-------- C:\Program Files\Common Files\Java
2007-06-26 20:23:50 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-26 19:48:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-06-24 13:18:38 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-06-23 13:32:06 0 dr-h----- C:\Documents and Settings\Teka\Application Data\SecuROM
2007-06-23 13:20:12 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2007-06-10 15:56:21 0 d-------- C:\Program Files\Windows Live
2007-06-08 2233 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-06-06 20:14:24 0 d-------- C:\Documents and Settings\Teka\Application Data\RegSweep
2007-06-06 11:56:16 0 d-------- C:\WINDOWS\pss
2007-06-05 10:29:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2007-06-05 10:20:11 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-06-05 10:20:11 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-05 10:20:11 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-06-05 10:20:11 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-05 10:20:11 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-05 10:20:10 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-05 10:20:10 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-05 10:20:10 610304 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-05 10:20:10 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-05 10:20:02 0 d-------- C:\WINDOWS\CSC
2007-06-04 12:31:14 0 d-------- C:\Program Files\IObit
2007-06-03 10:30:01 0 d-------- C:\VundoFix Backups
2007-05-30 21:08:28 0 d-------- C:\Program Files\DivX
2007-05-27 15:05:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-27 13:21:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\Teka\Saved Games
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\Teka\Application Data\FloodLightGames
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames


-- Find3M Report ---------------------------------------------------------------

2007-06-27 12:59:09 0 d-------- C:\Program Files\Java
2007-06-27 12:51:53 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-06-26 21:05:30 0 d-------- C:\Program Files\Windows Live Toolbar
2007-06-26 21:05:24 0 d-------- C:\Program Files\Winamp
2007-06-26 21:01:22 0 d-------- C:\Program Files\MSN Messenger
2007-06-26 20:56:21 0 d-------- C:\Program Files\Messenger Plus! Live
2007-06-24 13:12:38 0 d-------- C:\Program Files\sollab
2007-06-22 16:07:55 0 d-------- C:\Documents and Settings\Teka\Application Data\DMCache
2007-06-12 13:58:03 77312 --a------ C:\WINDOWS\ua2.dll
2007-06-04 11:39:06 0 d-------- C:\Documents and Settings\Teka\Application Data\Uniblue
2007-06-04 11:38:58 0 d-------- C:\Program Files\Uniblue
2007-05-30 21:08:48 5141 --a------ C:\WINDOWS\mozver.dat
2007-05-26 15:57:21 0 d-------- C:\Program Files\Yahoo!
2007-05-26 15:55:08 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-05-25 13:23:13 0 d-------- C:\Documents and Settings\Teka\Application Data\Comodo
2007-05-24 15:20:40 0 d-------- C:\Program Files\Comodo
2007-05-24 14:02:26 4 --a------ C:\WINDOWS\system32\C99967
2007-05-24 14:01:09 0 d-------- C:\Program Files\Common Files\Real
2007-05-24 14:00:38 0 d-------- C:\Documents and Settings\Teka\Application Data\Real
2007-05-24 14:00:35 0 d-------- C:\Program Files\Rhapsody
2007-05-23 20:46:24 81550 --a------ C:\WINDOWS\system32\mi2.exe
2007-05-20 17:11:33 0 d-------- C:\Documents and Settings\Teka\Application Data\uTorrent
2007-05-20 13:10:55 4096 --a------ C:\WINDOWS\d3dx.dat
2007-05-20 13:09:47 0 d-------- C:\Program Files\ReflexiveArcade
2007-05-20 1208 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-05-14 23:07:10 0 d-------- C:\Documents and Settings\Teka\Application Data\Screenshot Sender
2007-05-13 20:51:11 0 d-------- C:\Program Files\RSSOwl
2007-05-10 20:12:06 0 d-------- C:\Program Files\LimeWire
2007-05-10 19:37:48 0 d-------- C:\Program Files\Google
2007-05-02 20:53:28 0 d-------- C:\Program Files\Ashampoo
2007-04-29 15:42:08 0 d-------- C:\Program Files\Macrogaming
2007-04-29 12:45:53 0 d-------- C:\Program Files\SecondLife
2007-04-29 12:34:02 0 d-------- C:\Documents and Settings\Teka\Application Data\SecondLife
2007-04-28 20:52:09 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-04-28 11:13:42 0 d-------- C:\Program Files\T-Com MAXadsl CD-ROM
2007-04-28 09:27:40 0 d-------- C:\Program Files\T-Com ADSL driver


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AtiPTA"="atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"Device Detector"="DevDetect.exe -autorun"
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Uniblue SpeedUpMyPC"="C:\\Program Files\\Uniblue\\SpeedUpMyPC\\SpeedUpMyPC.exe -s"
"msnmsgr"="~\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewContextMenu"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoSMMyDocs"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoSMMyPictures"=dword:00000000
"StartMenuLogoff"=dword:00000001
"NoChangeStartMenu"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"MaxRecentDocs"=dword:0000000b
"NoStartMenuMFUprogramsList"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WMIAPSRV


-- End of Deckard's System Scanner: finished at 2007-06-27 at 17:02:49 ---------