Hi Silver,
Following is the Kaspersky report. I cannot produce a new HJT log. Seems the alleged baddies stem from an Incredimail.exe installation file which I have saved but have never installed and a ComboFix.exe file which I had downloaded and run over a year ago following instructions from another anti-spyware forum. At that time I could not produce HJT logs. HJT would lock up whenever I attempted to scan. After very lengthy attempts the problem was never resolved.
Since that time I had wiped my system clean (C:\ drive only). Is it coincidental that HJT is locking up again? This is the first instance where HJT once again locks up. I hope it's not the same issue this time!!
I do not want to sacrifice streaming video so I did not uninstall DK2 Drivers v 6.21.0.169.
Thanks,
Pete
Note: I thought that since DSS produced an HJT log it might be able to do so now - and it was successful, although it had to run a clone (?). So far it's beyond my understanding as to why DSS could accomplish an HJT log whereas it locks up when I do so. I tried to run HJT again after running DSS and it still locks up.
In any case, I attached the HJT log and also the new DSS log in case it's helpful. One notable difference is that the "extra" text file was not produced this time around. Meaningful?
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 06, 2008 4:32:24 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/04/2008
Kaspersky Anti-Virus database records: 683559
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 149859
Number of viruses found: 4
Number of infected objects: 7
Number of suspicious objects: 0
Duration of the scan process: 03:38:35
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\call256.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\callmember256.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\chat256.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\chat512.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\chatmsg8192.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\chatsync\0b\0ba6fc407135aa0b.dat Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\chatsync\9c\9cc05d36fc2108d9.dat Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\index2.dat Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\profile256.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\transfer1024.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\transfer256.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\transfer512.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\user1024.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\user16384.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\user256.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\user4096.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\Skype\western.design\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\USER\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-4-4-2008( 20-26-37 ).LOG Object is locked skipped
C:\Documents and Settings\USER\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\GatherLogs\MyIndex\MyIndex.109.Crwl Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\GatherLogs\MyIndex\MyIndex.109.gthr Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\0001000D.ci Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\NlFiles\CiST0000.000 Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\NlFiles\DocId.Map Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Ntfy11.gthr Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\MSS.log Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\MSStmp.log Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\RSApp.edb Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\tmp.edb Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Logs\MAPI.txt Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Ntf1.tmp Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Ntf2.tmp Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Perflib_Perfdata_228.dat Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\USER\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\USER\Local Settings\History\History.IE5\MSHist012008040420080405\index.dat Object is locked skipped
C:\Documents and Settings\USER\Local Settings\History\History.IE5\MSHist012008040520080406\index.dat Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Temp\IMG97.tmp Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Temp\~DF279A.tmp Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Temp\~DF3817.tmp Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Temp\~DF4EA0.tmp Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Temp\~DF9034.tmp Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Temp\~DF903F.tmp Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Temp\~DFA849.tmp Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Temp\~DFCB01.tmp Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Temp\~DFDE37.tmp Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Temp\~DFDE42.tmp Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Temp\~DFF732.tmp Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\USER\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\USER\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\USER\UserData\index.dat Object is locked skipped
C:\Program Files\Cobian Backup 8\DB\log.txt Object is locked skipped
C:\System Volume Information\_restore{6734019E-BE73-4D2F-995E-7050BE2A7733}\RP183\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\~Local Disk H\~All New Files\~C Drive\Incredimail\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.d skipped
E:\~C Drive\~Program Installation Files\Computer Maintenance and Utilities\ComboFix\combofix.exe/10 Infected: Trojan.BAT.Agent.al skipped
E:\~C Drive\~Program Installation Files\Computer Maintenance and Utilities\ComboFix\combofix.exe/11 Infected: Trojan.WinREG.Qoologic skipped
E:\~C Drive\~Program Installation Files\Computer Maintenance and Utilities\ComboFix\combofix.exe/5 Infected: Trojan.BAT.Agent.ak skipped
E:\~C Drive\~Program Installation Files\Computer Maintenance and Utilities\ComboFix\combofix.exe QuickBatch: infected - 3 skipped
E:\~C Drive\~Program Installation Files\Computer Maintenance and Utilities\ComboFix\combofix.exe UPX: infected - 3 skipped
E:\~C Drive\~Program Installation Files\Computer Maintenance and Utilities\ComboFix\combofix.exe PE_Patch.UPX: infected - 3 skipped
E:\System Volume Information\_restore{6734019E-BE73-4D2F-995E-7050BE2A7733}\RP183\change.log Object is locked skipped
E:\Western Design\Customer Files\Lane Tool\Manufacture\3953\3953 Quote (04-04-08).xls Object is locked skipped
E:\Western Design\Customer Files\Lane Tool\Manufacture\3953\3953 Quotes (04-05-08)\CWRDRFQ-APR-001(CHUAN WANG 2).xls Object is locked skipped
E:\Western Design\Customer Files\Lane Tool\Manufacture\3953\3953 Quotes (04-05-08)\5104-246(HUAMEI).xls Object is locked skipped
E:\Western Design\WD&M\Western Design & Mfg., Co., Ltd.xls Object is locked skipped
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 5:29:30 AM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\DNHlp32.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\AutoHook2002\AHook2002.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HIJACK~1\USER.exe
C:\WINDOWS\notepad.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DNHelper32] C:\WINDOWS\system32\DNHlp32.exe
O4 - HKLM\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -COOKIES
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: AutoHook2002.lnk = ?
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
Deckard's System Scanner v20071014.68
Run by USER on 2008-04-06 05:26:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis (run as USER.exe) ------------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-06 05:27:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\DNHlp32.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Canon\IJPLM\ijplmsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\AutoHook2002\AHook2002.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\USER\Desktop\dss.exe
C:\Program Files\HijackThis\USER.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.search.msn...st/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DNHelper32] C:\WINDOWS\system32\DNHlp32.exe
O4 - HKLM\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -COOKIES
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: AutoHook2002.lnk = ?
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\ijplmsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
--
End of file - 12164 bytes
-- Files created between 2008-03-06 and 2008-04-06 -----------------------------
2008-04-05 15:00:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-05 15:00:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-05 15:00:27 0 d-------- C:\WINDOWS\LastGood
2008-04-05 14:54:03 0 d-------- C:\WINDOWS\system32\appmgmt
2008-03-30 09:28:15 0 d-------- C:\Documents and Settings\USER\Application Data\Nokia Multimedia Player
2008-03-30 08:41:32 0 d-------- C:\Program Files\Common Files\PCSuite
2008-03-30 08:41:32 0 d-------- C:\Program Files\Common Files\Nokia
2008-03-30 08:40:02 0 d-------- C:\Program Files\PC Connectivity Solution
2008-03-30 08:21:24 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-03-30 08:21:01 0 d-------- C:\Documents and Settings\USER\Application Data\Nokia
2008-03-30 08:19:02 0 d-------- C:\Program Files\DIFX
2008-03-30 08:18:40 0 d-------- C:\Documents and Settings\USER\Application Data\PC Suite
2008-03-30 08:18:07 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-03-30 08:18:03 0 d-------- C:\Program Files\Nokia
2008-03-30 08:16:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-03-29 14:37:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-29 14:37:17 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-29 14:37:17 0 d-------- C:\Documents and Settings\USER\Application Data\SUPERAntiSpyware.com
2008-03-29 14:33:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-29 11:22:02 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-29 11:07:06 0 d-------- C:\Program Files\SpywareBlaster
2008-03-29 09:47:43 0 dr-h----- C:\Documents and Settings\USER\Recent
2008-03-25 08:58:08 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-21 09:54:43 0 d-------- C:\Documents and Settings\USER\Application Data\Canon
2008-03-21 09:52:32 0 d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-03-21 09:49:40 11776 --a------ C:\WINDOWS\system32\pmsbfn32.dll <Not Verified; ; PMSBFN32 Dynamic Link Library>
2008-03-21 09:49:23 0 d-------- C:\Program Files\Common Files\NewSoft
2008-03-21 09:48:55 0 d-------- C:\WINDOWS\system32\Color
2008-03-21 09:48:18 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-21 09:48:15 0 d-------- C:\Documents and Settings\USER\Application Data\ScanSoft
2008-03-21 09:48:06 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-03-21 09:44:06 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-21 09:43:50 0 d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-03-20 18:44:24 0 d-------- C:\Program Files\NewSoft
2008-03-20 18:44:24 0 d-------- C:\Program Files\Common Files\PDFView
2008-03-20 18:43:01 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-03-20 18:42:44 0 d-------- C:\Program Files\ScanSoft
2008-03-20 18:39:18 0 d-------- C:\Program Files\Common Files\CANON
2008-03-20 18:35:35 0 d--h----- C:\Program Files\CanonBJ
2008-03-20 18:32:45 0 d-------- C:\Program Files\Canon
2008-03-14 18:35:04 691545 --a------ C:\WINDOWS\unins000.exe
2008-03-14 12:58:35 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-14 09:55:23 0 d-------- C:\WINDOWS\network diagnostic
2008-03-14 09:46:31 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-03-14 09:43:47 0 d-------- C:\Documents and Settings\All Users\Application Data\AcrobatInstall
2008-03-07 17:38:44 0 d-------- C:\Documents and Settings\USER\Application Data\Screaming Bee
2008-03-07 17:28:06 0 d-------- C:\Program Files\Common Files\Screaming Bee
2008-03-07 17:16:46 0 d-------- C:\Program Files\Screaming Bee
-- Find3M Report ---------------------------------------------------------------
2008-04-06 05:26:28 0 d-------- C:\Documents and Settings\USER\Application Data\Skype
2008-04-05 16:07:08 0 d-------- C:\Documents and Settings\USER\Application Data\skypePM
2008-04-05 14:54:16 0 d-------- C:\Program Files\Google
2008-04-05 14:53:54 0 d-------- C:\Program Files\Java
2008-04-05 09:05:14 0 d-------- C:\Documents and Settings\USER\Application Data\AVG7
2008-04-05 03:21:21 0 d-------- C:\Documents and Settings\USER\Application Data\SolidWorks
2008-03-30 11:32:52 1076606 --a------ C:\Documents and Settings\USER\Application Data\NMM-MetaData.db
2008-03-30 08:41:32 0 d-------- C:\Program Files\Common Files
2008-03-29 14:36:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 09:49:13 0 d-------- C:\Program Files\SpywareGuard
2008-03-21 09:48:05 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-20 18:44:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-14 18:35:04 5532 --a------ C:\WINDOWS\unins000.dat
2008-03-12 18:12:29 0 d-------- C:\Program Files\DWGeditor
2008-03-07 01:13:20 0 d-------- C:\Program Files\SolidWorks
2008-02-29 10:10:15 0 d-------- C:\Program Files\Common Files\Skype
2008-02-19 18:06:15 0 d-------- C:\Program Files\AutoHook2002
2008-02-18 11:25:52 0 d-------- C:\Program Files\AutoHook2K
2008-02-15 15:55:26 0 d-------- C:\Program Files\UNBRAKO Library
2008-02-14 04:14:08 0 d-------- C:\Documents and Settings\USER\Application Data\Adobe
2008-02-14 04:12:05 0 d-------- C:\Program Files\Common Files\Adobe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [06/20/2003 08:06 PM C:\WINDOWS\system32\ptipbmf.dll]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/09/2003 12:35 PM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/08/2006 12:19 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/21/2007 01:13 PM]
"DNHelper32"="C:\WINDOWS\system32\DNHlp32.exe" [10/20/2005 09:50 PM]
"Cobian Backup 8"="C:\Program Files\Cobian Backup 8\Cobian.exe" [03/21/2007 12:35 AM]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [07/27/2007 09:39 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 10:46 PM]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [05/15/2007 08:01 AM]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/04/2007 08:50 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/25/2006 09:03 AM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [02/04/2007 12:02 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/01/2007 03:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [12/10/2007 10:12 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"MRUBlaster"=C:\Program Files\MRU-Blaster\indexcleaner.exe -COOKIES
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
C:\Documents and Settings\USER\Start Menu\Programs\Startup\
AutoHook2002.lnk - C:\Documents and Settings\USER\Application Data\Microsoft\Installer\{92636699-1133-453C-8D73-7ED6645FB9BF}\_DBD49373F8A1_40C9_9DFD_445210316E38.exe [2/18/2008 7:15:20 PM]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [7/19/2003 4:48:42 PM]
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [3/28/2004 3:07:48 PM]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [3/27/2006 5:44:08 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [03/14/2006 08:11 AM 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baf2f900-edc8-11dc-aad3-000ea65ecef7}]
AutoRun\command- wscript.exe .\.vbs
open\command- wscript.exe .\.vbs
*Newly Created Service* - APPMGMT
-- End of Deckard's System Scanner: finished at 2008-04-06 05:29:03 ------------
Edited by Tippaporn, 05 April 2008 - 04:44 PM.