|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
01-05-2008, 05:50 PM
|
#1 (permalink) |
|
Registered User
Join Date: Jan 2008
Posts: 6
OS: Windows XP Home SP2
|
perfs.exe, routing.exe - how do I get rid of them?
I was running a NOD32 scan in which they were detected and removed... once I rebooted however they showed up again. From the searching I've done I'm pretty sure this is a trojan (most likely for botnets etc). How do I remove it?
HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 14:20:07, on 05.1.2008 г. Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\HP\KBD\KBD.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM\aim.exe C:\Program Files\Eraser\eraser.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Comodo\CBOClean\BOCORE.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\Program Files\ActiveState Perl Dev Kit 6.0\bin\pdkdebug.exe C:\WINDOWS\system32\perfs.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\routing.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.204.143.153:6588 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1187647958218 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187647921421 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{17B9F30C-35BA-4A5C-9214-6EA033243EDA}: NameServer = 192.168.1.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: PDK Debug Listener (pdkdebug) - ActiveState - C:\Program Files\ActiveState Perl Dev Kit 6.0\bin\pdkdebug.exe O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (file missing) O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe ------------ Thanks in advance. I hope I don't need to reinstall windows X_X |
|
     |
|
01-10-2008, 10:06 AM
|
#2 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 23,347
OS: 2000 Pro; XP Pro; XP Home
|
Re: perfs.exe, routing.exe - how do I get rid of them?
Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Looks like ComboFix got rid of most of the issues. I need more information before continuing, please. If you still require assistance with your issue, and since it has been a few days since you first posted, please do this: --------------------------------------------------------------------------------------------- You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version. Next, download HijackThis to your desktop Alternate link Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis Upon install, HijackThis should open for you. When it does, just close it. --------------------------------------------------------------------------------------------- Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
What DSS will do:
--------------------------------------------------------------------------------------------- Thank you.
__________________
Practice Safe Surfing  Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum. Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience. |
|
|
|
|
01-10-2008, 09:13 PM
|
#3 (permalink) |
|
Registered User
Join Date: Jan 2008
Posts: 6
OS: Windows XP Home SP2
|
Re: perfs.exe, routing.exe - how do I get rid of them?
Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-10 21:10:47 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:10:52, on 10.1.2008 г. Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AIM\aim.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\Last.fm\LastFmHelper.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.204.143.153:6588 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1187647958218 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187647921421 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{17B9F30C-35BA-4A5C-9214-6EA033243EDA}: NameServer = 192.168.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PDK Debug Listener (pdkdebug) - ActiveState - C:\Program Files\ActiveState Perl Dev Kit 6.0\bin\pdkdebug.exe O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing) O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (file missing) O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe -- End of file - 8449 bytes -- Files created between 2007-12-10 and 2008-01-10 ----------------------------- 2008-01-10 21:05:46 0 d-------- C:\Program Files\Trend Micro 2008-01-10 15:50:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-01-09 18:08:45 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart> 2008-01-09 18:02:08 6144 --a------ C:\WINDOWS\system32\atiicdxx.sys <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators> 2008-01-09 18:02:06 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component> 2008-01-09 18:02:05 24064 --a------ C:\WINDOWS\system32\ativcoxx.dll <Not Verified; ATI Technologies, Inc.; > 2008-01-09 18:02:05 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface> 2008-01-09 18:02:05 2060288 --a------ C:\WINDOWS\system32\atipuixx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:05 114688 --a------ C:\WINDOWS\system32\atippaxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:05 274432 --a------ C:\WINDOWS\system32\atipdsxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:05 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:05 180224 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component> 2008-01-09 18:02:04 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver> 2008-01-09 18:02:03 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord> 2008-01-09 18:02:03 344064 --a------ C:\WINDOWS\system32\atiptaxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:03 139264 --a------ C:\WINDOWS\system32\atiprbxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:03 61440 --a------ C:\WINDOWS\system32\atiphexx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:03 9535488 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver> 2008-01-09 18:02:03 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager> 2008-01-09 18:02:03 36864 --a------ C:\WINDOWS\system32\atiiprxx.exe 2008-01-09 18:02:03 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities> 2008-01-09 18:02:03 380928 --a------ C:\WINDOWS\system32\atiicdxx.dll <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators> 2008-01-09 18:02:03 368640 --a------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre> 2008-01-09 18:02:03 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family> 2008-01-09 18:02:03 348160 --a------ C:\WINDOWS\system32\aticds10.dll <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators> 2008-01-09 18:02:03 1830912 --a------ C:\WINDOWS\system32\atiadaxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:03 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update> 2008-01-09 18:02:03 495616 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows> 2008-01-09 18:02:03 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows> 2008-01-09 18:02:03 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility> 2008-01-09 18:02:01 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat 2008-01-09 18:02:01 887724 --a------ C:\WINDOWS\system32\ativva6x.dat 2008-01-09 18:02:01 3107788 --a------ C:\WINDOWS\system32\ativva5x.dat 2008-01-09 18:02:01 158080 --a------ C:\WINDOWS\system32\atiicdxx.dat 2008-01-09 17:54:48 0 d-------- C:\Program Files\Driver Cleaner Pro 2008-01-08 18:28:33 0 d-------- C:\Program Files\Microsoft SQL Server 2008-01-08 18:28:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony 2008-01-06 01:15:32 0 dr-h----- C:\Documents and Settings\Owner\Recent 2008-01-06 01:08:05 0 d-------- C:\Documents and Settings\Owner\Application Data\URSoft 2008-01-06 00:12:19 0 d-------- C:\Program Files\Sophos 2008-01-05 18:18:47 0 d-------- C:\Program Files\SpywareBlaster 2008-01-05 14:43:26 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus> 2008-01-05 14:23:48 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-28 18:50:55 0 d-------- C:\Program Files\Ventrilo 2007-12-25 20:17:09 0 d-------- C:\Program Files\iPod 2007-12-25 20:17:03 0 d-------- C:\Program Files\iTunes 2007-12-25 20:15:43 0 d-------- C:\Program Files\Apple Software Update 2007-12-25 20:15:10 0 d-------- C:\Program Files\Common Files\Apple 2007-12-25 20:15:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-12-25 10:13:48 0 d-------- C:\Program Files\Alcohol Soft 2007-12-25 10:11:10 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-25 00:36:36 0 d-------- C:\Documents and Settings\Owner\.housecall6.6 2007-12-21 16:17:57 0 d-------- C:\World of Warcraft 2007-12-21 00:30:53 9619393 --a------ C:\WINDOWS\system32\FHCSECMJTNHSFD 2007-12-21 00:24:00 4 --a------ C:\WINDOWS\system32\0BEBB8 2007-12-21 00:18:47 0 d-------- C:\WINDOWS\system32\drivers\UMDF 2007-12-21 00:17:03 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)> 2007-12-20 23:56:38 0 d-------- C:\Program Files\Best Buy Rhapsody 2007-12-20 23:42:18 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2007-12-20 19:10:29 0 d-------- C:\Program Files\Western Digital 2007-12-20 19:10:13 0 d-------- C:\Program Files\Western Digital Technologies -- Find3M Report --------------------------------------------------------------- 2008-01-10 19:14:55 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent 2008-01-09 18:07:00 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-01-09 18  31 0 d-------- C:\Program Files\MultiRes2008-01-09 18:01:52 0 d-------- C:\Program Files\Radeon Omega Drivers 2008-01-09 18:00:49 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-01-09 17:56:01 0 d-------- C:\Documents and Settings\Owner\Application Data\ATI 2008-01-08 23:27:14 0 d-------- C:\Documents and Settings\Owner\Application Data\FileZilla 2008-01-08 19:10:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Sony 2008-01-08 18:27:26 0 d-------- C:\Program Files\VstPlugins 2008-01-08 18:26:57 0 d-------- C:\Program Files\Sony 2008-01-07 19:57:14 0 d-------- C:\Program Files\Cheat Engine 2008-01-07 19:57:14 0 d-------- C:\Program Files\BandwidthMeterPro 2008-01-07 16:02:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype 2008-01-07 16:02:17 0 d-------- C:\Program Files\mIRC 2008-01-06 02:30:48 0 d-------- C:\Program Files\SmartFTP Client 2008-01-06 01:05:32 0 d-------- C:\Program Files\Eraser 2008-01-05 16:20:04 0 d-------- C:\Program Files\Winamp 2008-01-05 16:01:19 0 d-------- C:\Program Files\PowerISO 2008-01-05 15:39:15 0 d-------- C:\Program Files\Last.fm 2008-01-05 15:15:58 0 d-------- C:\Program Files\FileZilla Client 2008-01-05 15:10:11 0 d-------- C:\Program Files\AIM 2008-01-05 02:08:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe 2008-01-05 02 46 0 d-------- C:\Program Files\Common Files\Adobe2008-01-03 15:30:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Xfire 2007-12-31 01:59:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Hamachi 2007-12-30 16:33:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim 2007-12-28 18:45:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-27 22:13:54 0 d-------- C:\Program Files\DC++ 2007-12-26 00:56:43 0 d-------- C:\Program Files\ICQ 2007-12-25 22:46:14 0 d-------- C:\Program Files\SHOUTcast 2007-12-25 20:16:37 0 d-------- C:\Program Files\QuickTime Alternative 2007-12-25 20:15:10 0 d-------- C:\Program Files\Common Files 2007-12-24 00:00:36 253440 --a------ C:\WINDOWS\system32\ndt2.sys 2007-12-21 16:17:57 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment 2007-12-21 01:13:46 0 d-------- C:\Program Files\Real 2007-12-21 01:12:34 0 d-------- C:\Program Files\Heroes 2007-12-21 01:12:27 0 d-------- C:\Program Files\Doomsday 2007-12-21 00:17:30 0 d-------- C:\Program Files\Common Files\Real 2007-12-21 00:17:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Real 2007-12-20 23:42:16 0 d-------- C:\Program Files\Common Files\InstallShield 2007-12-19 19:03:58 0 d---s---- C:\Program Files\Xfire 2007-12-06 20:28:24 0 d-------- C:\Documents and Settings\Owner\Application Data\foobar2000 2007-12-04 19:04:08 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver> 2007-12-04 18:33:47 1640192 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver> 2007-12-04 18:11:18 499712 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family> 2007-12-02 11:21:29 0 d-------- C:\Program Files\Exact Audio Copy 2007-12-02 11:21:25 0 d-------- C:\Documents and Settings\Owner\Application Data\AccurateRip 2007-11-25 17:05:22 0 d-------- C:\Program Files\GuerillaSoft 2007-11-25 01:18:03 1 --a------ C:\WINDOWS\system32\SI.bin 2007-11-22 13:24:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Mount&Blade 2007-11-16 21:13:50 0 d-------- C:\Program Files\middle_man -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KBD"="C:\HP\KBD\KBD.EXE" [11.02.2003 Ј. 18:02] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13.09.2002 Ј. 20:42] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [11.05.2000 Ј. 01:00] "PS2"="C:\WINDOWS\system32\ps2.exe" [16.10.2002 Ј. 14:57] "QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [11.12.2007 Ј. 10:56] "AtiPTA"="atiptaxx.exe" [21.02.2006 Ј. 17:05 C:\WINDOWS\system32\atiptaxx.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03.08.2004 Ј. 23:56] "AIM"="C:\Program Files\AIM\aim.exe" [18.06.2003 Ј. 12:54] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [10.8.2007 Ј. 00:37:28] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoLowDiskSpaceChecks"=1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk backup=C:\WINDOWS\pss\ WinCinema Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackICE PC Protection.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlackICE PC Protection.lnk backup=C:\WINDOWS\pss\BlackICE PC Protection.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FlexType 2K.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk backup=C:\WINDOWS\pss\FlexType 2K.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.6.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicTune 3.6.lnk backup=C:\WINDOWS\pss\MagicTune 3.6.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ATI Tray Tools.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ATI Tray Tools.lnk backup=C:\WINDOWS\pss\ATI Tray Tools.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^check-ip-changed.bat] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\check-ip-changed.bat backup=C:\WINDOWS\pss\check-ip-changed.batStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BandwidthMeterPro] C:\Program Files\BandwidthMeterPro\BWMeterPro.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp] CTXFIHLP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser] C:\Program Files\Eraser\eraser.exe -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] c:\windows\system\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] "d:\wares-mp3s-games-etc\games\steam\steam.exe" -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "RichVideo"=2 (0x2) "BlackICE"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Eraser"=C:\Program Files\Eraser\eraser.exe -hide [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "razer"=C:\Program Files\Razer\Copperhead\razerhid.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0804dd6-b5fc-11d9-a9fe-806d6172696f}] AutoRun\command- G:\autoplay.exe -- End of Deckard's System Scanner: finished at 2008-01-10 21:11:15 ------------ I closed extra.txt once and on the next scan it didnt pop up. Oops :( |
|
|
|
|
01-10-2008, 09:16 PM
|
#4 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 23,347
OS: 2000 Pro; XP Pro; XP Home
|
Re: perfs.exe, routing.exe - how do I get rid of them?
If that's the second run of DSS, I want the first main.txt, as it has different information.
That main.txt log, and extra.txt will be located at C:\Deckard\System Scanner inside a numbered folder. Please locate and post both.
__________________
Practice Safe Surfing Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum. Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience. |
|
|
|
|
01-10-2008, 10:28 PM
|
#5 (permalink) |
|
Registered User
Join Date: Jan 2008
Posts: 6
OS: Windows XP Home SP2
|
Re: perfs.exe, routing.exe - how do I get rid of them?
Sorry about that, I didn't know the program kept logs. Here is the original: -------------------- Deckard's System Scanner v20071014.68 Run by Owner on 2008-01-10 21 51Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 45: 2008-01-11 05 56 UTC - RP916 - Deckard's System Scanner Restore Point44: 2008-01-11 03:00:30 UTC - RP915 - Ad-Aware Restore Point 2008-01-10 19:00:24 43: 2008-01-10 23:50:27 UTC - RP914 - Installed AVG 7.5 42: 2008-01-10 23:48:45 UTC - RP913 - Removed AVG 7.5 41: 2008-01-10 01:56:55 UTC - RP912 - Removed ATI Catalyst Control Center -- First Restore Point -- 1: 2007-12-21 06:11:41 UTC - RP872 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:08:29, on 10.1.2008 г. Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AIM\aim.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\Last.fm\LastFmHelper.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\WINDOWS\system32\taskmgr.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe C:\WINDOWS\system32\dumprep.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.204.143.153:6588 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1187647958218 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187647921421 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{17B9F30C-35BA-4A5C-9214-6EA033243EDA}: NameServer = 192.168.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PDK Debug Listener (pdkdebug) - ActiveState - C:\Program Files\ActiveState Perl Dev Kit 6.0\bin\pdkdebug.exe O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing) O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (file missing) O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe -- End of file - 8584 bytes -- File Associations ----------------------------------------------------------- .reg - regfile - shell\open\command - "regedit.exe" "%1" -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver> R0 PQV2i - c:\windows\system32\drivers\pqv2i.sys <Not Verified; StorageCraft; V2i Protector> R1 atitray - c:\program files\ngoatiod172\att\atitray.sys R1 MagicTune - c:\windows\system32\drivers\mtictwl.sys R1 PQIMount - c:\windows\system32\drivers\pqimount.sys <Not Verified; PowerQuest Corporation; V2i Protector> R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> R1 truecrypt - c:\windows\system32\drivers\truecrypt.sys <Not Verified; TrueCrypt Foundation; TrueCrypt> R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)> R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> R4 Avg7RsW (AVG7 Wrap Driver) - c:\windows\system32\drivers\avg7rsw.sys (file missing) S2 zntport (NTPort Library Driver) - c:\windows\system32\zntport.sys (file missing) S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcxwdm.sys (file missing) S3 HWACCESS - c:\windows\system32\hwaccess.sys S3 MEMSWEEP2 - c:\windows\system32\45f5.tmp (file missing) S3 ProtoWall (ProtoWall Network Service) - c:\windows\system32\drivers\protowall.sys (file missing) S3 RapDrv - c:\windows\system32\drivers\rapdrv.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System> S3 RapFile - c:\windows\system32\drivers\rapfile.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System> S3 RapNet - c:\windows\system32\drivers\rapnet.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System> S3 Razerlow (Razer Copperhead Driver) - c:\windows\system32\drivers\razerlow.sys <Not Verified; Razer (Asia-Pacific) Pte Ltd; Diamondback USB Optical Mouse> S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus> S3 UfasoftSnifDriver4 (Ufasoft Snif Driver v4) - c:\program files\ufasoft\sniffer\usft_sn4.sys (file missing) S3 UKS11LDR (M-Audio USB Keystation Loader) - c:\windows\system32\drivers\uks11ldr.sys <Not Verified; MIDIMAN; Midiman USB Keystation Loader> S3 USBKT1X1 (M-Audio USB Keystation) - c:\windows\system32\drivers\usbkt1x1.sys <Not Verified; Doug Fetter Software Wizardry; Midiman USB Keystation Midi Interface> S3 XDva013 - c:\windows\system32\xdva013.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> S2 BOCore - c:\program files\comodo\cboclean\bocore.exe <Not Verified; COMODO; COMODO BOClean - Anti-Malware> S2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec> S2 pdkdebug (PDK Debug Listener) - "c:\program files\activestate perl dev kit 6.0\bin\pdkdebug.exe" <Not Verified; ActiveState; Perl Dev Kit> S2 perfmons (perfmons Service) - c:\windows\system32\perfs.exe (file missing) S2 PRTGService (PRTG Service - Paessler Router Traffic Grapher) - c:\program files\prtg traffic grapher\prtg traffic grapher.exe (file missing) S2 Routing (Routing Service) - c:\windows\system32\routing.exe (file missing) S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2004\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities> S4 BlackICE - "c:\program files\iss\blackice\blackd.exe" <Not Verified; Internet Security Systems, Inc.; Network ICE Corporation blackd> S4 RapApp - "c:\program files\iss\blackice\rapapp.exe" <Not Verified; Internet Security Systems, Inc.; Rap Protection System> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394 Net Adapter Device ID: V1394\NIC1394\E0180027FDC3 Manufacturer: Microsoft Name: 1394 Net Adapter PNP Device ID: V1394\NIC1394\E0180027FDC3 Service: NIC1394 Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Hamachi Network Interface Device ID: ROOT\NET\0000 Manufacturer: LogMeIn, Inc. Name: Hamachi Network Interface PNP Device ID: ROOT\NET\0000 Service: hamachi -- Scheduled Tasks ------------------------------------------------------------- 2008-01-05 19:05:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2008-01-04 17:16:42 394 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job -- Files created between 2007-12-10 and 2008-01-10 ----------------------------- 2008-01-10 21:05:46 0 d-------- C:\Program Files\Trend Micro 2008-01-10 15:50:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-01-09 18:08:45 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart> 2008-01-09 18:02:08 6144 --a------ C:\WINDOWS\system32\atiicdxx.sys <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators> 2008-01-09 18:02:06 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component> 2008-01-09 18:02:05 24064 --a------ C:\WINDOWS\system32\ativcoxx.dll <Not Verified; ATI Technologies, Inc.; > 2008-01-09 18:02:05 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface> 2008-01-09 18:02:05 2060288 --a------ C:\WINDOWS\system32\atipuixx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:05 114688 --a------ C:\WINDOWS\system32\atippaxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:05 274432 --a------ C:\WINDOWS\system32\atipdsxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:05 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:05 180224 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component> 2008-01-09 18:02:04 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver> 2008-01-09 18:02:03 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord> 2008-01-09 18:02:03 344064 --a------ C:\WINDOWS\system32\atiptaxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:03 139264 --a------ C:\WINDOWS\system32\atiprbxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:03 61440 --a------ C:\WINDOWS\system32\atiphexx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:03 9535488 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver> 2008-01-09 18:02:03 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager> 2008-01-09 18:02:03 36864 --a------ C:\WINDOWS\system32\atiiprxx.exe 2008-01-09 18:02:03 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities> 2008-01-09 18:02:03 380928 --a------ C:\WINDOWS\system32\atiicdxx.dll <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators> 2008-01-09 18:02:03 368640 --a------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre> 2008-01-09 18:02:03 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family> 2008-01-09 18:02:03 348160 --a------ C:\WINDOWS\system32\aticds10.dll <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators> 2008-01-09 18:02:03 1830912 --a------ C:\WINDOWS\system32\atiadaxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component> 2008-01-09 18:02:03 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update> 2008-01-09 18:02:03 495616 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows> 2008-01-09 18:02:03 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows> 2008-01-09 18:02:03 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility> 2008-01-09 18:02:01 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat 2008-01-09 18:02:01 887724 --a------ C:\WINDOWS\system32\ativva6x.dat 2008-01-09 18:02:01 3107788 --a------ C:\WINDOWS\system32\ativva5x.dat 2008-01-09 18:02:01 158080 --a------ C:\WINDOWS\system32\atiicdxx.dat 2008-01-09 17:54:48 0 d-------- C:\Program Files\Driver Cleaner Pro 2008-01-08 18:28:33 0 d-------- C:\Program Files\Microsoft SQL Server 2008-01-08 18:28:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony 2008-01-06 01:15:32 0 dr-h----- C:\Documents and Settings\Owner\Recent 2008-01-06 01:08:05 0 d-------- C:\Documents and Settings\Owner\Application Data\URSoft 2008-01-06 00:12:19 0 d-------- C:\Program Files\Sophos 2008-01-05 18:18:47 0 d-------- C:\Program Files\SpywareBlaster 2008-01-05 14:43:26 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus> 2008-01-05 14:23:48 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-28 18:50:55 0 d-------- C:\Program Files\Ventrilo 2007-12-25 20:17:09 0 d-------- C:\Program Files\iPod 2007-12-25 20:17:03 0 d-------- C:\Program Files\iTunes 2007-12-25 20:15:43 0 d-------- C:\Program Files\Apple Software Update 2007-12-25 20:15:10 0 d-------- C:\Program Files\Common Files\Apple 2007-12-25 20:15:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-12-25 10:13:48 0 d-------- C:\Program Files\Alcohol Soft 2007-12-25 10:11:10 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-25 00:36:36 0 d-------- C:\Documents and Settings\Owner\.housecall6.6 2007-12-21 16:17:57 0 d-------- C:\World of Warcraft 2007-12-21 00:30:53 9619393 --a------ C:\WINDOWS\system32\FHCSECMJTNHSFD 2007-12-21 00:24:00 4 --a------ C:\WINDOWS\system32\0BEBB8 2007-12-21 00:18:47 0 d-------- C:\WINDOWS\system32\drivers\UMDF 2007-12-21 00:17:03 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)> 2007-12-20 23:56:38 0 d-------- C:\Program Files\Best Buy Rhapsody 2007-12-20 23:42:18 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2007-12-20 19:10:29 0 d-------- C:\Program Files\Western Digital 2007-12-20 19:10:13 0 d-------- C:\Program Files\Western Digital Technologies -- Find3M Report --------------------------------------------------------------- 2008-01-10 19:14:55 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent 2008-01-09 18:07:00 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-01-09 18 31 0 d-------- C:\Program Files\MultiRes2008-01-09 18:01:52 0 d-------- C:\Program Files\Radeon Omega Drivers 2008-01-09 18:00:49 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-01-09 17:56:01 0 d-------- C:\Documents and Settings\Owner\Application Data\ATI 2008-01-08 23:27:14 0 d-------- C:\Documents and Settings\Owner\Application Data\FileZilla 2008-01-08 19:10:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Sony 2008-01-08 18:27:26 0 d-------- C:\Program Files\VstPlugins 2008-01-08 18:26:57 0 d-------- C:\Program Files\Sony 2008-01-07 19:57:14 0 d-------- C:\Program Files\Cheat Engine 2008-01-07 19:57:14 0 d-------- C:\Program Files\BandwidthMeterPro 2008-01-07 16:02:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype 2008-01-07 16:02:17 0 d-------- C:\Program Files\mIRC 2008-01-06 02:30:48 0 d-------- C:\Program Files\SmartFTP Client 2008-01-06 01:05:32 0 d-------- C:\Program Files\Eraser 2008-01-05 16:20:04 0 d-------- C:\Program Files\Winamp 2008-01-05 16:01:19 0 d-------- C:\Program Files\PowerISO 2008-01-05 15:39:15 0 d-------- C:\Program Files\Last.fm 2008-01-05 15:15:58 0 d-------- C:\Program Files\FileZilla Client 2008-01-05 15:10:11 0 d-------- C:\Program Files\AIM 2008-01-05 02:08:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe 2008-01-05 02 46 0 d-------- C:\Program Files\Common Files\Adobe2008-01-03 15:30:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Xfire 2007-12-31 01:59:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Hamachi 2007-12-30 16:33:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim 2007-12-28 18:45:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-27 22:13:54 0 d-------- C:\Program Files\DC++ 2007-12-26 00:56:43 0 d-------- C:\Program Files\ICQ 2007-12-25 22:46:14 0 d-------- C:\Program Files\SHOUTcast 2007-12-25 20:16:37 0 d-------- C:\Program Files\QuickTime Alternative 2007-12-25 20:15:10 0 d-------- C:\Program Files\Common Files 2007-12-24 00:00:36 253440 --a------ C:\WINDOWS\system32\ndt2.sys 2007-12-21 16:17:57 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment 2007-12-21 01:13:46 0 d-------- C:\Program Files\Real 2007-12-21 01:12:34 0 d-------- C:\Program Files\Heroes 2007-12-21 01:12:27 0 d-------- C:\Program Files\Doomsday 2007-12-21 00:17:30 0 d-------- C:\Program Files\Common Files\Real 2007-12-21 00:17:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Real 2007-12-20 23:42:16 0 d-------- C:\Program Files\Common Files\InstallShield 2007-12-19 19:03:58 0 d---s---- C:\Program Files\Xfire 2007-12-06 20:28:24 0 d-------- C:\Documents and Settings\Owner\Application Data\foobar2000 2007-12-04 19:04:08 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver> 2007-12-04 18:33:47 1640192 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver> 2007-12-04 18:11:18 499712 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family> 2007-12-02 11:21:29 0 d-------- C:\Program Files\Exact Audio Copy 2007-12-02 11:21:25 0 d-------- C:\Documents and Settings\Owner\Application Data\AccurateRip 2007-11-25 17:05:22 0 d-------- C:\Program Files\GuerillaSoft 2007-11-25 01:18:03 1 --a------ C:\WINDOWS\system32\SI.bin 2007-11-22 13:24:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Mount&Blade 2007-11-16 21:13:50 0 d-------- C:\Program Files\middle_man -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KBD"="C:\HP\KBD\KBD.EXE" [11.02.2003 Ј. 18:02] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13.09.2002 Ј. 20:42] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [11.05.2000 Ј. 01:00] "PS2"="C:\WINDOWS\system32\ps2.exe" [16.10.2002 Ј. 14:57] "QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [11.12.2007 Ј. 10:56] "AtiPTA"="atiptaxx.exe" [21.02.2006 Ј. 17:05 C:\WINDOWS\system32\atiptaxx.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03.08.2004 Ј. 23:56] "AIM"="C:\Program Files\AIM\aim.exe" [18.06.2003 Ј. 12:54] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [10.8.2007 Ј. 00:37:28] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoLowDiskSpaceChecks"=1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk backup=C:\WINDOWS\pss\ WinCinema Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All User |
