OK... so here's the problem: I got a file from a friend on an USB stick, and the file turned out to be infected with (as Kaspersky Anti Virus 6 reported) Trojan.Win32.Monderc.Gen. KAV tried to remove it, and rebooted the computer. After it booted up, I ran a critical areas scan (including "backup locations") and KAV again found it, in one of the restore points. Removed and deleted again. That annoying red shield pops up to inform me the automatic updates are disabled, even though I always keep them on. Didn't pay much attention to it then.
A few hours later while I was working, KAV automatically found a trojan, though this time I think it was Monder, not Monderc. It was found in Local Settings, in a folder related with Internet Explorer. KAV kills it, and reboots the system.
System reboots, and I run another critical areas scan, followed by a full system scan, a reboot, and another full scan. Nothing found.
Now I try to fix the automatic updates problem. No matter what I do to it, the Security Center informs me that AU is offline. I run services.msc, and AU is disabled. I try to enable it and start it, but get told that "the service can't start ...(more text)". I search online for a solution, and try several. I try re-registering AU dlls, reinstalling AU agent, etc... nothing works. Every thread on the topic in various forums says that a Vundo infection is possible. From the descriptions of it's behavior, it seems plausible. I get VundoFix, and run it several times over the next few hours between reboots: nothing ever found. I run KAV several times more, between reboots: nothing ever found. System looks clean.
I just can't get automatic updates to work again...
Any help on this would be greatly appreciated.
Oh, and one thing to note: I am not an idiot and I have been using computers all my life. I am currently a CS student. There is no need to hand-hold me.
Deckard's System Scanner v20071014.68
Run by Strahinja on 2008-06-30 02:49:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-06-30 00:49:52 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Strahinja.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:45, on 30.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\uTorrent\utorrent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Strahinja\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Strahinja.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {018B27FF-E05F-4CB5-8763-540CB3FD457A} - C:\WINDOWS\system32\ssqNEvTn.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {178B9156-C44B-4BA5-8240-0297B822E0BE} - (no file)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {48B6BA19-6750-450D-B616-AD37D8E72D66} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {91930B89-F135-4493-89F6-03A2E0BEBECE} - C:\WINDOWS\system32\awtttrrp.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "G:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump
s_startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [uTorrent] "C:\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MultiRes
O4 - Startup: MultiRes.lnk = C:\Program Files\MultiRes\MultiRes.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: check books - C:\Program Files\Book Designer 4.0\BookChecker.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81F81B2F-BC8F-4EEF-B761-92DCD694CF20}: NameServer = 192.168.1.1,208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: ssqNEvTn - C:\WINDOWS\
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 13209 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 CX23880 (WinFast CX2388x WDM Video Capture.) - c:\windows\system32\drivers\cx88vid.sys <Not Verified; Leadtek Research Inc.; CX2388x Video Capture Driver>
R2 CXAVXBAR (WinFast CX2388x WDM Crossbar.) - c:\windows\system32\drivers\cxavxbar.sys <Not Verified; Leadtek Research Inc.; CX2388x AVStream Crossbar Driver>
R2 CXTUNE (WinFast CX2388x WDM TVTuner.) - c:\windows\system32\drivers\cx88tune.sys <Not Verified; Leadtek Research Inc.; CX2388x Tuner Driver>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 RT61 (Ralink Wireless Driver) - c:\windows\system32\drivers\rt61.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11 Wireless Adapters>
R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
R3 WFIOCTL - c:\program files\winfast\wftvfm\wfioctl.sys <Not Verified; Leadtek Research Inc.; WinFast MultiMedia Device Driver (Windows 2000/XP)>
S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S2 PERFDD - c:\ibmperf\bin\perfdd-xp.sys
S3 ACSSCR (ACR38 Smart Card Reader) - c:\windows\system32\drivers\a38usb.sys (file missing)
S3 ATIAVAIW (ATI T200 Unified AVStream service) - c:\windows\system32\drivers\atinavt2.sys <Not Verified; ATI Technologies Inc.; ATI AVStream>
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 pdiddcci (DDC/CI monitor) - c:\windows\system32\drivers\pdiddcci.sys <Not Verified; Portrait Displays, Inc.; Portrait Displays DDC/CI Monitor Device Driver>
S3 PSSdk23 - c:\windows\system32\drivers\pssdk23.drv (file missing)
S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>
S3 tap0801 (TAP-Win32 Adapter V8) - c:\windows\system32\drivers\tap0801.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 DTSRVC (Portrait Displays Display Tune Service) - c:\program files\common files\portrait displays\shared\dtsrvc.exe
R2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-05-30 and 2008-06-30 -----------------------------
2008-06-30 02:39:42 0 d-------- C:\Program Files\Trend Micro
2008-06-30 02:17:02 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-30 02:06:54 0 d-------- C:\WINDOWS\LastGood
2008-06-30 01:08:51 0 d-------- C:\VundoFix Backups
2008-06-30 00:36:48 0 d-------- C:\WINDOWS\pss
2008-06-29 23:12:33 0 d-------- C:\WINDOWS\system32\Filt
2008-06-29 23:12:33 0 d-------- C:\Program Files\Agnitum
2008-06-29 23:06:44 0 d-------- C:\WTablet
2008-06-29 22:57:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2008-06-29 22:39:44 20000 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-29 22:39:44 12013600 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-29 20:39:16 2116 --ahs---- C:\WINDOWS\system32\prrtttwa.ini2
2008-06-29 20:39:14 319488 --a------ C:\WINDOWS\system32\awtttrrp.dll
2008-06-29 17:07:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-28 13:34:23 0 d-------- C:\Documents and Settings\Strahinja\Application Data\SPORE Creature Creator
2008-06-26 16:41:27 35654 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-26 16:41:20 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-26 16:41:20 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-26 16:30:38 0 d-------- C:\Program Files\Diablo II
2008-06-24 20:52:08 0 d-------- C:\Program Files\Black Isle
2008-06-23 02:20:37 0 d-------- C:\Program Files\TechSmith
2008-06-16 00:04:10 0 d-------- C:\Documents and Settings\Strahinja\Application Data\Google
2008-06-14 18:10:55 0 d-------- C:\Program Files\Trials 2 Second Edition
2008-06-06 14:58:29 0 d-------- C:\WINDOWS\nvidia icons
2008-05-31 01:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-31 01:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
-- Find3M Report ---------------------------------------------------------------
2008-06-30 02:53:46 0 d-------- C:\Documents and Settings\Strahinja\Application Data\uTorrent
2008-06-30 02:06:36 0 d-------- C:\Program Files\GetRight
2008-06-30 01:53:49 8405015 --a------ C:\WINDOWS\TempFile
2008-06-30 01:52:07 0 d-------- C:\Documents and Settings\Strahinja\Application Data\WTablet
2008-06-29 22:22:39 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-28 17:55:42 0 d-------- C:\Program Files\Paradox Interactive
2008-06-28 16:58:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-25 19:35:55 0 d-------- C:\Documents and Settings\Strahinja\Application Data\Hamachi
2008-06-25 16:37:40 0 d-------- C:\Documents and Settings\Strahinja\Application Data\Adobe
2008-06-23 02:20:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 22:36:54 0 d-------- C:\Documents and Settings\Strahinja\Application Data\Mozilla
2008-06-16 00:03:36 0 d-------- C:\Program Files\Google
2008-06-14 18:11:12 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-06-14 18:11:12 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-06-09 03:53:57 0 d-------- C:\Program Files\DivX
2008-06-08 00:47:22 0 d-------- C:\Program Files\Common Files
2008-06-06 22:46:22 443912 -rahs---- C:\bootmgr
2008-06-06 15:08:14 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-27 19:19:46 0 d-------- C:\Documents and Settings\Strahinja\Application Data\JAM Software
2008-05-26 21:00:38 0 d-------- C:\Documents and Settings\Strahinja\Application Data\OpenOffice.org2
2008-05-25 19:56:21 0 d-------- C:\Program Files\Cave Story Deluxe
2008-05-25 17:56:11 0 d-------- C:\Program Files\NVIDIA Corporation
2008-05-25 17:55:28 0 d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-05-23 00:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-23 00:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-17 00:06:52 0 d-------- C:\Documents and Settings\Strahinja\Application Data\gtk-2.0
2008-05-13 02:56:15 0 d-------- C:\Program Files\Book Designer 4.0
2008-05-10 03:40:58 0 d-------- C:\Program Files\calibre
2008-05-10 03:40:40 0 d-------- C:\Program Files\libprs500
2008-05-10 03:31:24 0 d-------- C:\Program Files\Gabest
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-30 18:26:40 0 d-------- C:\Program Files\Messenger
2008-04-30 18:26:22 0 d-------- C:\Program Files\Movie Maker
2008-04-30 18:24:06 0 d-------- C:\Program Files\Windows NT
2008-04-25 19:41:38 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{018B27FF-E05F-4CB5-8763-540CB3FD457A}]
C:\WINDOWS\system32\ssqNEvTn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{178B9156-C44B-4BA5-8240-0297B822E0BE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48B6BA19-6750-450D-B616-AD37D8E72D66}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91930B89-F135-4493-89F6-03A2E0BEBECE}]
29.06.2008 20:39 319488 --a------ C:\WINDOWS\system32\awtttrrp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [19.07.2006 13:03]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [17.07.2007 18:39 C:\WINDOWS\KHALMNPR.Exe]
"SkyTel"="SkyTel.EXE" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12.01.2006 17:40]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [16.11.2006 18:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
"DT LGE"="C:\Program Files\Portrait Displays\forteManager\DTHtml.exe" [01.02.2007 15:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27.04.2007 09:41]
"P17Helper"="SPIRun.dll" [03.07.2006 12:43 C:\WINDOWS\system32\SPIRun.dll]
"RTHDCPL"="RTHDCPL.EXE" [22.09.2005 13:36 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 18:43 C:\WINDOWS\ALCMTR.EXE]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16.02.2005 16:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 23:16]
"Acrobat Assistant 8.0"="G:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [11.01.2008 19:54]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [20.03.2007 16:40]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02.05.2008 22:46]
"nwiz"="nwiz.exe" [02.05.2008 22:46 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [02.05.2008 22:46]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [08.11.2006 18:28]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [09.06.2008 14:04]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [21.05.2008 18:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 05:42]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [06.09.2007 15:08]
"DisplayFusion"="C:\Program Files\DisplayFusion\DisplayFusion.exe" [05.12.2007 22:09]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01.01.2007 23:22]
"uTorrent"="C:\uTorrent\utorrent.exe" [31.01.2008 00:23]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [04.09.2007 19:25]
C:\Documents and Settings\Strahinja\Start Menu\Programs\Startup\
MultiRes.lnk - C:\Program Files\MultiRes\MultiRes.exe [9/12/2006 2:05:16 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [12/24/2006 2:25:24 AM]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [12/24/2006 3:38:49 AM]
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [8/30/2007 7:13:06 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{018B27FF-E05F-4CB5-8763-540CB3FD457A}"= C:\WINDOWS\system32\ssqNEvTn.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqNEvTn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\progra~1\agnitum\outpos~1\wl_hook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtttrrp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33383ef1-8279-11dc-8f33-005056c00008}]
AutoRun\command- J:\SR2020-Install.exe
-- End of Deckard's System Scanner: finished at 2008-06-30 02:55:44 ------------
A few hours later while I was working, KAV automatically found a trojan, though this time I think it was Monder, not Monderc. It was found in Local Settings, in a folder related with Internet Explorer. KAV kills it, and reboots the system.
System reboots, and I run another critical areas scan, followed by a full system scan, a reboot, and another full scan. Nothing found.
Now I try to fix the automatic updates problem. No matter what I do to it, the Security Center informs me that AU is offline. I run services.msc, and AU is disabled. I try to enable it and start it, but get told that "the service can't start ...(more text)". I search online for a solution, and try several. I try re-registering AU dlls, reinstalling AU agent, etc... nothing works. Every thread on the topic in various forums says that a Vundo infection is possible. From the descriptions of it's behavior, it seems plausible. I get VundoFix, and run it several times over the next few hours between reboots: nothing ever found. I run KAV several times more, between reboots: nothing ever found. System looks clean.
I just can't get automatic updates to work again...
Any help on this would be greatly appreciated.
Oh, and one thing to note: I am not an idiot and I have been using computers all my life. I am currently a CS student. There is no need to hand-hold me.
Deckard's System Scanner v20071014.68
Run by Strahinja on 2008-06-30 02:49:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-06-30 00:49:52 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Strahinja.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:45, on 30.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\uTorrent\utorrent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Strahinja\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Strahinja.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {018B27FF-E05F-4CB5-8763-540CB3FD457A} - C:\WINDOWS\system32\ssqNEvTn.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {178B9156-C44B-4BA5-8240-0297B822E0BE} - (no file)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {48B6BA19-6750-450D-B616-AD37D8E72D66} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {91930B89-F135-4493-89F6-03A2E0BEBECE} - C:\WINDOWS\system32\awtttrrp.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "G:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump
s_startupO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [uTorrent] "C:\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MultiRes
O4 - Startup: MultiRes.lnk = C:\Program Files\MultiRes\MultiRes.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: check books - C:\Program Files\Book Designer 4.0\BookChecker.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81F81B2F-BC8F-4EEF-B761-92DCD694CF20}: NameServer = 192.168.1.1,208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: ssqNEvTn - C:\WINDOWS\
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 13209 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 CX23880 (WinFast CX2388x WDM Video Capture.) - c:\windows\system32\drivers\cx88vid.sys <Not Verified; Leadtek Research Inc.; CX2388x Video Capture Driver>
R2 CXAVXBAR (WinFast CX2388x WDM Crossbar.) - c:\windows\system32\drivers\cxavxbar.sys <Not Verified; Leadtek Research Inc.; CX2388x AVStream Crossbar Driver>
R2 CXTUNE (WinFast CX2388x WDM TVTuner.) - c:\windows\system32\drivers\cx88tune.sys <Not Verified; Leadtek Research Inc.; CX2388x Tuner Driver>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 RT61 (Ralink Wireless Driver) - c:\windows\system32\drivers\rt61.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11 Wireless Adapters>
R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
R3 WFIOCTL - c:\program files\winfast\wftvfm\wfioctl.sys <Not Verified; Leadtek Research Inc.; WinFast MultiMedia Device Driver (Windows 2000/XP)>
S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S2 PERFDD - c:\ibmperf\bin\perfdd-xp.sys
S3 ACSSCR (ACR38 Smart Card Reader) - c:\windows\system32\drivers\a38usb.sys (file missing)
S3 ATIAVAIW (ATI T200 Unified AVStream service) - c:\windows\system32\drivers\atinavt2.sys <Not Verified; ATI Technologies Inc.; ATI AVStream>
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 pdiddcci (DDC/CI monitor) - c:\windows\system32\drivers\pdiddcci.sys <Not Verified; Portrait Displays, Inc.; Portrait Displays DDC/CI Monitor Device Driver>
S3 PSSdk23 - c:\windows\system32\drivers\pssdk23.drv (file missing)
S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>
S3 tap0801 (TAP-Win32 Adapter V8) - c:\windows\system32\drivers\tap0801.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 DTSRVC (Portrait Displays Display Tune Service) - c:\program files\common files\portrait displays\shared\dtsrvc.exe
R2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-05-30 and 2008-06-30 -----------------------------
2008-06-30 02:39:42 0 d-------- C:\Program Files\Trend Micro
2008-06-30 02:17:02 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-30 02:06:54 0 d-------- C:\WINDOWS\LastGood
2008-06-30 01:08:51 0 d-------- C:\VundoFix Backups
2008-06-30 00:36:48 0 d-------- C:\WINDOWS\pss
2008-06-29 23:12:33 0 d-------- C:\WINDOWS\system32\Filt
2008-06-29 23:12:33 0 d-------- C:\Program Files\Agnitum
2008-06-29 23:06:44 0 d-------- C:\WTablet
2008-06-29 22:57:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2008-06-29 22:39:44 20000 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-29 22:39:44 12013600 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-29 20:39:16 2116 --ahs---- C:\WINDOWS\system32\prrtttwa.ini2
2008-06-29 20:39:14 319488 --a------ C:\WINDOWS\system32\awtttrrp.dll
2008-06-29 17:07:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-28 13:34:23 0 d-------- C:\Documents and Settings\Strahinja\Application Data\SPORE Creature Creator
2008-06-26 16:41:27 35654 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-26 16:41:20 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-26 16:41:20 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-26 16:30:38 0 d-------- C:\Program Files\Diablo II
2008-06-24 20:52:08 0 d-------- C:\Program Files\Black Isle
2008-06-23 02:20:37 0 d-------- C:\Program Files\TechSmith
2008-06-16 00:04:10 0 d-------- C:\Documents and Settings\Strahinja\Application Data\Google
2008-06-14 18:10:55 0 d-------- C:\Program Files\Trials 2 Second Edition
2008-06-06 14:58:29 0 d-------- C:\WINDOWS\nvidia icons
2008-05-31 01:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-31 01:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
-- Find3M Report ---------------------------------------------------------------
2008-06-30 02:53:46 0 d-------- C:\Documents and Settings\Strahinja\Application Data\uTorrent
2008-06-30 02:06:36 0 d-------- C:\Program Files\GetRight
2008-06-30 01:53:49 8405015 --a------ C:\WINDOWS\TempFile
2008-06-30 01:52:07 0 d-------- C:\Documents and Settings\Strahinja\Application Data\WTablet
2008-06-29 22:22:39 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-28 17:55:42 0 d-------- C:\Program Files\Paradox Interactive
2008-06-28 16:58:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-25 19:35:55 0 d-------- C:\Documents and Settings\Strahinja\Application Data\Hamachi
2008-06-25 16:37:40 0 d-------- C:\Documents and Settings\Strahinja\Application Data\Adobe
2008-06-23 02:20:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 22:36:54 0 d-------- C:\Documents and Settings\Strahinja\Application Data\Mozilla
2008-06-16 00:03:36 0 d-------- C:\Program Files\Google
2008-06-14 18:11:12 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-06-14 18:11:12 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-06-09 03:53:57 0 d-------- C:\Program Files\DivX
2008-06-08 00:47:22 0 d-------- C:\Program Files\Common Files
2008-06-06 22:46:22 443912 -rahs---- C:\bootmgr
2008-06-06 15:08:14 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-27 19:19:46 0 d-------- C:\Documents and Settings\Strahinja\Application Data\JAM Software
2008-05-26 21:00:38 0 d-------- C:\Documents and Settings\Strahinja\Application Data\OpenOffice.org2
2008-05-25 19:56:21 0 d-------- C:\Program Files\Cave Story Deluxe
2008-05-25 17:56:11 0 d-------- C:\Program Files\NVIDIA Corporation
2008-05-25 17:55:28 0 d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-05-23 00:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-23 00:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-17 00:06:52 0 d-------- C:\Documents and Settings\Strahinja\Application Data\gtk-2.0
2008-05-13 02:56:15 0 d-------- C:\Program Files\Book Designer 4.0
2008-05-10 03:40:58 0 d-------- C:\Program Files\calibre
2008-05-10 03:40:40 0 d-------- C:\Program Files\libprs500
2008-05-10 03:31:24 0 d-------- C:\Program Files\Gabest
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-30 18:26:40 0 d-------- C:\Program Files\Messenger
2008-04-30 18:26:22 0 d-------- C:\Program Files\Movie Maker
2008-04-30 18:24:06 0 d-------- C:\Program Files\Windows NT
2008-04-25 19:41:38 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{018B27FF-E05F-4CB5-8763-540CB3FD457A}]
C:\WINDOWS\system32\ssqNEvTn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{178B9156-C44B-4BA5-8240-0297B822E0BE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48B6BA19-6750-450D-B616-AD37D8E72D66}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91930B89-F135-4493-89F6-03A2E0BEBECE}]
29.06.2008 20:39 319488 --a------ C:\WINDOWS\system32\awtttrrp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [19.07.2006 13:03]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [17.07.2007 18:39 C:\WINDOWS\KHALMNPR.Exe]
"SkyTel"="SkyTel.EXE" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12.01.2006 17:40]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [16.11.2006 18:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
"DT LGE"="C:\Program Files\Portrait Displays\forteManager\DTHtml.exe" [01.02.2007 15:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27.04.2007 09:41]
"P17Helper"="SPIRun.dll" [03.07.2006 12:43 C:\WINDOWS\system32\SPIRun.dll]
"RTHDCPL"="RTHDCPL.EXE" [22.09.2005 13:36 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 18:43 C:\WINDOWS\ALCMTR.EXE]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16.02.2005 16:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 23:16]
"Acrobat Assistant 8.0"="G:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [11.01.2008 19:54]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [20.03.2007 16:40]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02.05.2008 22:46]
"nwiz"="nwiz.exe" [02.05.2008 22:46 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [02.05.2008 22:46]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [08.11.2006 18:28]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [09.06.2008 14:04]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [21.05.2008 18:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 05:42]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [06.09.2007 15:08]
"DisplayFusion"="C:\Program Files\DisplayFusion\DisplayFusion.exe" [05.12.2007 22:09]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01.01.2007 23:22]
"uTorrent"="C:\uTorrent\utorrent.exe" [31.01.2008 00:23]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [04.09.2007 19:25]
C:\Documents and Settings\Strahinja\Start Menu\Programs\Startup\
MultiRes.lnk - C:\Program Files\MultiRes\MultiRes.exe [9/12/2006 2:05:16 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [12/24/2006 2:25:24 AM]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [12/24/2006 3:38:49 AM]
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [8/30/2007 7:13:06 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{018B27FF-E05F-4CB5-8763-540CB3FD457A}"= C:\WINDOWS\system32\ssqNEvTn.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqNEvTn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\progra~1\agnitum\outpos~1\wl_hook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtttrrp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33383ef1-8279-11dc-8f33-005056c00008}]
AutoRun\command- J:\SR2020-Install.exe
-- End of Deckard's System Scanner: finished at 2008-06-30 02:55:44 ------------
