Please check my log, too many things at once :-( Solved

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Please check my log, too many things at once :-(

Post by Melania » 24 Jun 2008 23:14

...inserting the HJT log
...the computer runs terribly slowly, it freezes ... IE won't load pages for me,... updates don't work,... and as if that weren't enough, ad after ad for some porn sites and similar rubbish keeps popping up ... :bomb:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:39, on 24.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C2975692-E7ED-4C43-8A85-A7F291781405} - C:\WINDOWS\system32\khfGVOfg.dll
O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\wvUMGxwt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM2324aa02] Rundll32.exe "C:\WINDOWS\system32\ogoojqdu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUMGxwt - C:\WINDOWS\SYSTEM32\wvUMGxwt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8607 bytes


Re: Please check my log, too many things at once :-(

Post by fredik » 25 Jun 2008 10:29

If you have Comodo FW v.3, disable its Defense+ module before running ComboFix and turn it back on once ComboFix has finished:
Right-click the Comodo icon: Defense+ Security Level => Disabled

Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in its window
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered


Re: Please check my log, too many things at once :-(

Post by Melania » 26 Jun 2008 12:44

...inserting the DSS main.txt log

Deckard's System Scanner v20071014.68
Run by admin on 2008-06-26 12:37:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-06-26 10:37:22 UTC - RP37 - Deckard's System Scanner Restore Point
2: 2008-06-25 21:15:36 UTC - RP36 - Last known good configuration
1: 2008-06-25 21:15:31 UTC - RP35 - Kontrolný bod systému


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38, on 2008-06-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {544AFF8D-5D88-48BD-94D5-F4FE55254A2D} - C:\WINDOWS\system32\geBSmJDv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\wvUMGxwt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2017999e] rundll32.exe "C:\WINDOWS\system32\gsqshkeb.dll",b
O4 - HKLM\..\Run: [BM2324aa02] Rundll32.exe "C:\WINDOWS\system32\ivmwwmkd.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUMGxwt - C:\WINDOWS\SYSTEM32\wvUMGxwt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8920 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080518-204704-343 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
backup-20080518-204704-633 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20080518-204704-843 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
backup-20080518-204704-854 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
backup-20080608-211046-686 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
backup-20080608-211046-906 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
backup-20080608-213124-917 O4 - HKCU\..\Run: [Skype672] C:\PROGRA~1\Skype\Phone\Skype.exe
backup-20080623-230239-243 O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\wvUMGxwt.dll
backup-20080623-230239-295 O20 - Winlogon Notify: wvUMGxwt - C:\WINDOWS\SYSTEM32\wvUMGxwt.dll
backup-20080623-230239-480 O4 - HKLM\..\Run: [BM2324aa02] Rundll32.exe "C:\WINDOWS\system32\cyjqmtme.dll",s
backup-20080623-230239-616 O4 - HKLM\..\Run: [2017999e] rundll32.exe "C:\WINDOWS\system32\cjeljgbu.dll",b
backup-20080623-230239-795 O2 - BHO: (no name) - {6E1D5175-1A1B-4DD2-A309-F209FFE4EA1B} - C:\WINDOWS\system32\khfGVOfg.dll
backup-20080624-105614-115 O4 - HKLM\..\Run: [2017999e] rundll32.exe "C:\WINDOWS\system32\fkadocni.dll",b
backup-20080624-105614-325 O20 - Winlogon Notify: wvUMGxwt - C:\WINDOWS\SYSTEM32\wvUMGxwt.dll
backup-20080624-105614-510 O4 - HKLM\..\Run: [BM2324aa02] Rundll32.exe "C:\WINDOWS\system32\ogoojqdu.dll",s
backup-20080624-105614-522 O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\wvUMGxwt.dll
backup-20080624-105614-668 O2 - BHO: (no name) - {62B37E7E-D466-47D3-8602-393B3C3B16C4} - C:\WINDOWS\system32\khfGVOfg.dll
backup-20080624-113000-718 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
backup-20080624-230045-305 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
backup-20080624-230045-463 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080624-230045-887 O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\Icons\NewSilverSystem[1]\NewSilverSystem.icl,52
.ini - inifile - DefaultIcon - C:\WINDOWS\Icons\NewSilverSystem[1]\NewSilverSystem.icl,49
.txt - txtfile - DefaultIcon - C:\WINDOWS\Icons\NewSilverSystem[1]\NewSilverSystem.icl,46


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S0 srescan - c:\windows\system32\zonelabs\srescan.sys (file missing)
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 SE2Ebus (Sony Ericsson Device 046 Driver driver (WDM)) - c:\windows\system32\drivers\se2ebus.sys <Not Verified; MCCI; Sony Ericsson Device 046 Driver>
S3 SE2Emdfl (Sony Ericsson Device 046 USB WMC Modem Filter) - c:\windows\system32\drivers\se2emdfl.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Modem Filter Driver>
S3 SE2Emdm (Sony Ericsson Device 046 USB WMC Modem Driver) - c:\windows\system32\drivers\se2emdm.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Data Modem>
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-23 17:16:02 374 --a------ C:\WINDOWS\Tasks\Úklid 1 kliknutím.job
2008-05-23 17:15:11 376 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-05-26 and 2008-06-26 -----------------------------

2008-06-25 23:16:12 81920 --a------ C:\WINDOWS\system32\gsqshkeb.dll
2008-06-25 23:16:05 91136 --a------ C:\WINDOWS\system32\ivmwwmkd.dll
2008-06-25 23:15:21 436224 --ahs---- C:\WINDOWS\system32\vDJmSBeg.ini2
2008-06-25 23:15:18 323072 --a------ C:\WINDOWS\system32\geBSmJDv.dll
2008-06-25 21:58:31 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-25 21:55:29 68096 --a------ C:\WINDOWS\zip.exe
2008-06-25 21:55:29 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-25 21:55:29 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-25 21:55:29 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-25 21:55:29 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-25 21:55:29 98816 --a------ C:\WINDOWS\sed.exe
2008-06-25 21:55:29 80412 --a------ C:\WINDOWS\grep.exe
2008-06-25 21:55:29 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-25 21:22:41 91136 --a------ C:\WINDOWS\system32\qktrhxsr.dll
2008-06-25 13:44:16 91136 --a------ C:\WINDOWS\system32\jtaaxakr.dll
2008-06-24 21:48:38 0 d-------- C:\Program Files\VideoCAM GE111
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files\PCCamera
2008-06-24 13:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-24 10:57:09 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-06-24 09:41:59 81408 --a------ C:\WINDOWS\system32\fkadocni.dll
2008-06-24 09:41:52 91136 --a------ C:\WINDOWS\system32\ogoojqdu.dll
2008-06-23 14:03:24 0 d-------- C:\Documents and Settings\admin\Application Data\Playrix Entertainment
2008-06-23 10:40:25 0 d-------- C:\WINDOWS\Supermarket Mania
2008-06-23 09:58:58 0 d-------- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-23 09:41:32 80384 --a------ C:\WINDOWS\system32\cjeljgbu.dll
2008-06-23 09:41:25 90624 --a------ C:\WINDOWS\system32\cyjqmtme.dll
2008-06-23 09:38:39 24576 --a------ C:\WINDOWS\system32\ddcYrQiJ.dll
2008-06-23 09:35:34 24576 --a------ C:\WINDOWS\system32\wvUMGxwt.dll
2008-06-17 22:47:23 0 d-------- C:\WINDOWS\Album
2008-06-17 20:56:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-14 10:57:34 230432 --a------ C:\StiImg.dat
2008-06-11 12:56:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-10 20:56:16 0 d-------- C:\Documents and Settings\admin\Application Data\Skype
2008-06-10 20:56:00 0 d-------- C:\Program Files\Skype
2008-06-10 20:55:59 0 d-------- C:\Program Files\Common Files\Skype
2008-06-09 12:12:21 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-06-09 12:11:38 0 d-------- C:\Program Files\Image-Line
2008-06-09 12:11:18 0 d-------- C:\Program Files\Outsim
2008-06-08 21:28:11 41984 --a------ C:\WINDOWS\17PHolmes1381.exe
2008-06-08 21:27:34 0 d-------- C:\WINDOWS\Balloon Bliss
2008-06-08 21:23:37 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-08 20:39:58 0 d-------- C:\Documents and Settings\All Users\Application Data\close poke frag ooze
2008-06-08 18:20:58 0 d-------- C:\Documents and Settings\admin\Application Data\Alawar
2008-06-08 18:15:25 0 d-------- C:\Program Files\Alawar
2008-06-07 21:21:25 0 d-------- C:\Documents and Settings\admin\Application Data\WinRAR
2008-06-06 21:05:54 0 d-------- C:\Program Files\VirusTotalUploader
2008-06-02 07:32:16 0 d-------- C:\Documents and Settings\All Users\SonicStage
2008-05-30 00:01:35 0 d-------- C:\Program Files\Sony Corporation
2008-05-30 00:00:53 770048 --a------ C:\WINDOWS\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module>
2008-05-30 00:00:53 585728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module>
2008-05-30 00:00:53 73728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module>
2008-05-30 00:00:53 643072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
2008-05-30 00:00:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-29 23:59:53 0 d-------- C:\Program Files\Sony
2008-05-29 23:59:24 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-05-29 23:59:24 0 d-------- C:\Documents and Settings\admin\Application Data\Sony Corporation
2008-05-29 21:14:11 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-26 12:04:40 0 d-------- C:\Documents and Settings\admin\Application Data\skypePM
2008-06-24 21:49:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files
2008-06-17 20:01:04 0 d-------- C:\Program Files\Opera
2008-06-10 09:12:29 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-09 07:45:43 0 d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-06-04 06:46:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 21:13:53 0 d-------- C:\Program Files\Mahjong Holidays 2005
2008-05-31 09:25:56 0 d-------- C:\Documents and Settings\admin\Application Data\AdobeUM
2008-05-30 21:25:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 23:53:12 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
2008-05-23 18:21:20 0 --a------ C:\WINDOWS\XXLGSC
2008-05-22 22:28:52 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-22 22:27:09 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-21 15:32:26 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-21 14:22:07 0 d-------- C:\Program Files\Picasa2
2008-05-19 23:13:33 0 d-------- C:\Documents and Settings\admin\Application Data\vlc
2008-05-19 23:12:56 0 d-------- C:\Program Files\VideoLAN
2008-05-19 21:46:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 21:45:12 0 d-------- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
2008-05-19 19:37:36 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-18 23:46:11 0 d-------- C:\Documents and Settings\admin\Application Data\Comodo
2008-05-18 23:42:20 0 d-------- C:\Program Files\COMODO
2008-05-18 22:58:55 0 d-------- C:\Program Files\SpywareBlaster
2008-05-18 21:23:38 0 d-------- C:\Program Files\CCleaner
2008-05-18 13:59:07 0 d-------- C:\Program Files\Speeditup Free
2008-05-18 13:31:52 0 d-------- C:\Program Files\Java
2008-05-16 11:13:23 0 d-------- C:\Program Files\Trend Micro
2008-05-14 00:51:59 0 d-------- C:\Program Files\PC Translator
2008-05-13 10:48:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-12 21:59:46 0 d-------- C:\Documents and Settings\admin\Application Data\Symantec
2008-05-12 13:33:38 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-12 10:55:14 0 d-------- C:\Program Files\directx
2008-05-11 19:33:10 0 d-------- C:\Program Files\Rockstar Games
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-29 11:08:27 0 d-------- C:\Program Files\BitComet
2008-04-27 15:25:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-27 15:25:31 0 d-------- C:\Documents and Settings\admin\Application Data\.wyzo
2008-04-27 13:31:54 0 d-------- C:\Program Files\LimeWire
2008-04-26 17:01:18 0 d-------- C:\Documents and Settings\admin\Application Data\Opera
2008-04-15 23:38:59 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{544AFF8D-5D88-48BD-94D5-F4FE55254A2D}]
2008-06-25 23:15 323072 --a------ C:\WINDOWS\system32\geBSmJDv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}]
2008-06-23 09:35 24576 --a------ C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 05:44]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 02:05]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46]
"nwiz"="nwiz.exe" [2008-05-02 22:46 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-18 23:42]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2008-03-23 18:30]
"2017999e"="C:\WINDOWS\system32\gsqshkeb.dll" [2008-06-25 23:16]
"BM2324aa02"="C:\WINDOWS\system32\ivmwwmkd.dll" [2008-06-25 23:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 23:07]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 06:46]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 10:07 77824]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"= C:\WINDOWS\system32\wvUMGxwt.dll [2008-06-23 09:35 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt]
wvUMGxwt.dll 2008-06-23 09:35 24576 C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBSmJDv
"Notification Packages"= scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-06-26 12:39:30 ------------

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status:
Offline

Re: Please check my log, too many things at once :-(

Post by fredik » 26 Jun 2008 22:54

#Step 1:
Move DSS to your desktop.
Go to Start -> Run... and type this command, marked in blue, into the box:
"%userprofile%\plocha\dss.exe" /daft
- accept any prompts
- A window opens; click the Scan button.
- wait for the scan to finish
- the following items will appear in the window, listed in red:
.bat
.ini
.txt

tick the boxes in front of them and click the Fix button

#Step 2:
Download OTMoveIt2 (by OldTimer), save it to drive C and run it.
- Copy the following paths, marked in green, into the left pane (Paste List Of Files/Folders to Move):
Note: do not use the SELECT ALL function to select the script

Code: Select all

[kill explorer]
C:\WINDOWS\system32\geBSmJDv.dll
C:\WINDOWS\system32\wvUMGxwt.dll
C:\WINDOWS\system32\gsqshkeb.dll
C:\WINDOWS\system32\ivmwwmkd.dll
C:\WINDOWS\system32\vDJmSBeg.ini2
C:\WINDOWS\system32\qktrhxsr.dll
C:\WINDOWS\system32\jtaaxakr.dll
C:\WINDOWS\system32\ogoojqdu.dll
C:\WINDOWS\system32\fkadocni.dll
C:\WINDOWS\system32\cjeljgbu.dll
C:\WINDOWS\system32\cyjqmtme.dll
C:\WINDOWS\system32\ddcYrQiJ.dll
C:\Documents and Settings\All Users\Application Data\close poke frag ooze
EmptyTemp
[start explorer]

- After pasting, click the MoveIt! button and then post here the entire contents of the right pane (also saved in the folder C:\_OTMoveIt\MovedFiles\), which reports the results
- If the files cannot be removed, you may be asked to restart the computer; in that case confirm the restart

#Step 3:
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text, marked in green, into it:
Note: do not use the SELECT ALL function to select it

Code: Select all

REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{544AFF8D-5D88-48BD-94D5-F4FE55254A2D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2017999e"=-
"BM2324aa02"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Then choose File -> Save As... and set these parameters:
File name: type fix.reg
Save as type: select All Files
Save the file to your desktop
A file named fix.reg should appear on your desktop
- run it; a prompt appears where you click Yes, then another prompt where you click OK

#Step 4:
Test this file on VirusTotal
C:\WINDOWS\17PHolmes1381.exe
just copy the whole path into the empty box on that page and click send. Then post the result here

Then restart the PC and post here a new DSS log + the VT result + the OTMoveIt2 log
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Such PMs cannot be answered
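As an added example (not code from the thread, DSS or OTMoveIt2), a small Python triage script that applies the checks behind the OTMoveIt2 list and the fix.reg above to a DSS registry dump: an LSA "Authentication Packages" entry beyond msv1_0, recently dropped DLLs in the Run key, one DLL hooked from several keys at once, and the hex(7) REG_MULTI_SZ encoding fix.reg uses to restore msv1_0. The sample dump is constructed from the entries quoted above; SCAN_DAY and the 7-day window are assumptions.

```python
# Added example (not code from the thread, DSS or OTMoveIt2): triage a DSS registry
# dump for the layered persistence the instructions above remove.
import re
from datetime import date

SCAN_DAY = date(2008, 6, 26)  # scan date of the dump above; assumed anchor for "recent"

# Constructed sample input: a cut-down copy of the "Registry Dump" section quoted above.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{544AFF8D-5D88-48BD-94D5-F4FE55254A2D}]
2008-06-25 23:15 323072 --a------ C:\WINDOWS\system32\geBSmJDv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}]
2008-06-23 09:35 24576 --a------ C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46]
"2017999e"="C:\WINDOWS\system32\gsqshkeb.dll" [2008-06-25 23:16]
"BM2324aa02"="C:\WINDOWS\system32\ivmwwmkd.dll" [2008-06-25 23:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 10:07 77824]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"= C:\WINDOWS\system32\wvUMGxwt.dll [2008-06-23 09:35 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt]
wvUMGxwt.dll 2008-06-23 09:35 24576 C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBSmJDv
"""

# A drive-letter path ending in .dll/.exe, stopping before a following quote or bracket.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.(?:dll|exe)\b', re.I)
STAMP_RE = re.compile(r"\d{4}-\d{2}-\d{2}")


def parse_dump(text):
    """Split the dump into {registry key: [body lines]}; keys are the [...] headers."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def unexpected_auth_packages(sections):
    """LSA 'Authentication Packages' should be exactly msv1_0 on a stand-alone XP box;
    anything else is a DLL lsass.exe loads at boot.  Returns the extras."""
    for key, lines in sections.items():
        if key.lower().endswith(r"\control\lsa"):
            for line in lines:
                if line.startswith('"Authentication Packages"'):
                    packages = line.split("=", 1)[1].split()
                    return [p for p in packages if p.lower() != "msv1_0"]
    return []


def recent_dll_autoruns(sections, scan_day=SCAN_DAY, window_days=7):
    """Run-key values loading a DLL (i.e. via rundll32) whose listed timestamp lies
    within window_days before the scan: a heuristic for freshly dropped autoruns."""
    hits = []
    for key, lines in sections.items():
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        for line in lines:
            path, stamp = PATH_RE.search(line), STAMP_RE.search(line)
            if not path or not stamp or not path.group().lower().endswith(".dll"):
                continue
            age = (scan_day - date.fromisoformat(stamp.group())).days
            if 0 <= age <= window_days:
                hits.append(line.split("=", 1)[0].strip('"'))
    return hits


def multi_hooked_files(sections):
    """Basenames referenced from two or more keys (one DLL registered as BHO, shell
    execute hook and Winlogon notify package is the pattern this thread removes)."""
    where = {}
    for key, lines in sections.items():
        for line in lines:
            for path in PATH_RE.findall(line):
                where.setdefault(path.rsplit("\\", 1)[-1].lower(), set()).add(key)
    return {name: sorted(keys) for name, keys in where.items() if len(keys) >= 2}


def reg_multi_sz_hex(strings):
    """REG_MULTI_SZ for a REGEDIT4 (ANSI) .reg file: each string NUL-terminated, the
    list closed by one more NUL, written as the hex(7) byte list fix.reg above uses."""
    data = b"".join(s.encode("ascii") + b"\x00" for s in strings) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in data)


if __name__ == "__main__":
    sec = parse_dump(SAMPLE_DUMP)
    print("extra LSA auth packages:", unexpected_auth_packages(sec))
    print("recent DLL autoruns:", recent_dll_autoruns(sec))
    print("multi-hooked files:", multi_hooked_files(sec))
    print("fix.reg value:", reg_multi_sz_hex(["msv1_0"]))
```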

Melania
Level 1.5
Posts: 100
Registered: May 08
Gender: Female
Status:
Offline

Re: Please check my log, too many things at once :-(

Post by Melania » 27 Jun 2008 12:10

MoveIt log >

Explorer killed successfully
File/Folder C:\WINDOWS\system32\geBSmJDv.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\wvUMGxwt.dll
C:\WINDOWS\system32\wvUMGxwt.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wvUMGxwt.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gsqshkeb.dll
C:\WINDOWS\system32\gsqshkeb.dll NOT unregistered.
C:\WINDOWS\system32\gsqshkeb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ivmwwmkd.dll
C:\WINDOWS\system32\ivmwwmkd.dll NOT unregistered.
C:\WINDOWS\system32\ivmwwmkd.dll moved successfully.
File/Folder C:\WINDOWS\system32\vDJmSBeg.ini2 not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qktrhxsr.dll
C:\WINDOWS\system32\qktrhxsr.dll NOT unregistered.
C:\WINDOWS\system32\qktrhxsr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jtaaxakr.dll
C:\WINDOWS\system32\jtaaxakr.dll NOT unregistered.
C:\WINDOWS\system32\jtaaxakr.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ogoojqdu.dll
C:\WINDOWS\system32\ogoojqdu.dll NOT unregistered.
C:\WINDOWS\system32\ogoojqdu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fkadocni.dll
C:\WINDOWS\system32\fkadocni.dll NOT unregistered.
C:\WINDOWS\system32\fkadocni.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\cjeljgbu.dll
C:\WINDOWS\system32\cjeljgbu.dll NOT unregistered.
C:\WINDOWS\system32\cjeljgbu.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\cyjqmtme.dll
C:\WINDOWS\system32\cyjqmtme.dll NOT unregistered.
C:\WINDOWS\system32\cyjqmtme.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ddcYrQiJ.dll
C:\WINDOWS\system32\ddcYrQiJ.dll NOT unregistered.
C:\WINDOWS\system32\ddcYrQiJ.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\close poke frag ooze moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\~DFC4AF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\~DFFE0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06272008_115814

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\wvUMGxwt.dll
C:\WINDOWS\system32\wvUMGxwt.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wvUMGxwt.dll scheduled to be moved on reboot.
C:\DOCUME~1\admin\LOCALS~1\Temp\~DFC4AF.tmp moved successfully.
C:\DOCUME~1\admin\LOCALS~1\Temp\~DFFE0.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Melania
Level 1.5
Posts: 100
Registered: May 08
Gender: Female
Status:
Offline

Re: Please check my log, too many things at once :-(

Post by Melania » 27 Jun 2008 12:16

VirusTotal result >

MD5: ee75b3c234bbeb21dc3af90530ca43c1
First submitted: 2008.06.05 22:37:35 (CET)
Date: 2008.06.21 02:55:55 (CET) [>6D]
Results: 28/33
Permalink: analisis/3cefdb88f3d280e527bd3b9140429c8e

Melania
Level 1.5
Posts: 100
Registered: May 08
Gender: Female
Status:
Offline

Re: Please check my log, too many things at once :-(

Post by Melania » 27 Jun 2008 12:26

DSS log >

Deckard's System Scanner v20071014.68
Run by admin on 2008-06-27 12:25:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25, on 2008-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\admin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\wvUMGxwt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUMGxwt - C:\WINDOWS\SYSTEM32\wvUMGxwt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8768 bytes

-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-27 11:53:40 291328 --a------ C:\OTMoveIt2.exe <Not Verified; OldTimer Tools; OTMoveIt>
2008-06-25 21:58:31 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-25 21:55:29 68096 --a------ C:\WINDOWS\zip.exe
2008-06-25 21:55:29 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-25 21:55:29 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-25 21:55:29 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-25 21:55:29 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-25 21:55:29 98816 --a------ C:\WINDOWS\sed.exe
2008-06-25 21:55:29 80412 --a------ C:\WINDOWS\grep.exe
2008-06-25 21:55:29 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-24 21:48:38 0 d-------- C:\Program Files\VideoCAM GE111
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files\PCCamera
2008-06-24 13:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-24 10:57:09 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-06-23 14:03:24 0 d-------- C:\Documents and Settings\admin\Application Data\Playrix Entertainment
2008-06-23 10:40:25 0 d-------- C:\WINDOWS\Supermarket Mania
2008-06-23 09:58:58 0 d-------- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-23 09:35:34 24576 --a------ C:\WINDOWS\system32\wvUMGxwt.dll
2008-06-17 22:47:23 0 d-------- C:\WINDOWS\Album
2008-06-17 20:56:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-14 10:57:34 230432 --a------ C:\StiImg.dat
2008-06-11 12:56:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-10 20:56:16 0 d-------- C:\Documents and Settings\admin\Application Data\Skype
2008-06-10 20:56:00 0 d-------- C:\Program Files\Skype
2008-06-10 20:55:59 0 d-------- C:\Program Files\Common Files\Skype
2008-06-09 12:12:21 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-06-09 12:11:38 0 d-------- C:\Program Files\Image-Line
2008-06-09 12:11:18 0 d-------- C:\Program Files\Outsim
2008-06-08 21:28:11 41984 --a------ C:\WINDOWS\17PHolmes1381.exe
2008-06-08 21:27:34 0 d-------- C:\WINDOWS\Balloon Bliss
2008-06-08 21:23:37 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-08 18:20:58 0 d-------- C:\Documents and Settings\admin\Application Data\Alawar
2008-06-08 18:15:25 0 d-------- C:\Program Files\Alawar
2008-06-07 21:21:25 0 d-------- C:\Documents and Settings\admin\Application Data\WinRAR
2008-06-06 21:05:54 0 d-------- C:\Program Files\VirusTotalUploader
2008-06-02 07:32:16 0 d-------- C:\Documents and Settings\All Users\SonicStage
2008-05-30 00:01:35 0 d-------- C:\Program Files\Sony Corporation
2008-05-30 00:00:53 770048 --a------ C:\WINDOWS\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module>
2008-05-30 00:00:53 585728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module>
2008-05-30 00:00:53 73728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module>
2008-05-30 00:00:53 643072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
2008-05-30 00:00:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-29 23:59:53 0 d-------- C:\Program Files\Sony
2008-05-29 23:59:24 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-05-29 23:59:24 0 d-------- C:\Documents and Settings\admin\Application Data\Sony Corporation
2008-05-29 21:14:11 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-27 10:27:30 0 d-------- C:\Documents and Settings\admin\Application Data\skypePM
2008-06-24 21:49:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files
2008-06-17 20:01:04 0 d-------- C:\Program Files\Opera
2008-06-10 09:12:29 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-09 07:45:43 0 d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-06-04 06:46:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 21:13:53 0 d-------- C:\Program Files\Mahjong Holidays 2005
2008-05-31 09:25:56 0 d-------- C:\Documents and Settings\admin\Application Data\AdobeUM
2008-05-30 21:25:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 23:53:12 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
2008-05-23 18:21:20 0 --a------ C:\WINDOWS\XXLGSC
2008-05-22 22:28:52 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-22 22:27:09 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-21 15:32:26 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-21 14:22:07 0 d-------- C:\Program Files\Picasa2
2008-05-19 23:13:33 0 d-------- C:\Documents and Settings\admin\Application Data\vlc
2008-05-19 23:12:56 0 d-------- C:\Program Files\VideoLAN
2008-05-19 21:46:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 21:45:12 0 d-------- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
2008-05-19 19:37:36 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-18 23:46:11 0 d-------- C:\Documents and Settings\admin\Application Data\Comodo
2008-05-18 23:42:20 0 d-------- C:\Program Files\COMODO
2008-05-18 22:58:55 0 d-------- C:\Program Files\SpywareBlaster
2008-05-18 21:23:38 0 d-------- C:\Program Files\CCleaner
2008-05-18 13:59:07 0 d-------- C:\Program Files\Speeditup Free
2008-05-18 13:31:52 0 d-------- C:\Program Files\Java
2008-05-16 11:13:23 0 d-------- C:\Program Files\Trend Micro
2008-05-14 00:51:59 0 d-------- C:\Program Files\PC Translator
2008-05-13 10:48:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-12 21:59:46 0 d-------- C:\Documents and Settings\admin\Application Data\Symantec
2008-05-12 13:33:38 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-12 10:55:14 0 d-------- C:\Program Files\directx
2008-05-11 19:33:10 0 d-------- C:\Program Files\Rockstar Games
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-29 11:08:27 0 d-------- C:\Program Files\BitComet
2008-04-27 15:25:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-27 15:25:31 0 d-------- C:\Documents and Settings\admin\Application Data\.wyzo
2008-04-27 13:31:54 0 d-------- C:\Program Files\LimeWire
2008-04-15 23:38:59 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}]
2008-06-23 09:35 24576 --a------ C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 05:44]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 02:05]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46]
"nwiz"="nwiz.exe" [2008-05-02 22:46 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-18 23:42]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2008-03-23 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 23:07]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 06:46]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 10:07 77824]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"= C:\WINDOWS\system32\wvUMGxwt.dll [2008-06-23 09:35 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt]
wvUMGxwt.dll 2008-06-23 09:35 24576 C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-06-27 12:26:41 ------------

fredik (Security team member)

Re: Please check my log, too many things at once :-(

Post by fredik » 27 Jun 2008 16:59

On VirusTotal you should then have chosen the option Reanalyse file now.

Use OTMoveIt2 again, but this time paste the following into its window:
Note: do not use the SELECT ALL function to select the script

Code:

[kill explorer]
C:\WINDOWS\system32\wvUMGxwt.dll
C:\WINDOWS\17PHolmes1381.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F86B11F3-0CE1-475F-9541-5329BF7B3597}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt
[start explorer]

Then post the OTMoveIt2 log and a new DSS log here.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Such PMs cannot be answered.

Melania

Re: Please check my log, too many things at once :-(

Post by Melania » 27 Jun 2008 20:35

OTMoveIt2 log >

Explorer killed successfully
LoadLibrary failed for C:\WINDOWS\system32\wvUMGxwt.dll
C:\WINDOWS\system32\wvUMGxwt.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wvUMGxwt.dll scheduled to be moved on reboot.
C:\WINDOWS\17PHolmes1381.exe moved successfully.
< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}\\ deleted successfully.
< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F86B11F3-0CE1-475F-9541-5329BF7B3597} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F86B11F3-0CE1-475F-9541-5329BF7B3597} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F86B11F3-0CE1-475F-9541-5329BF7B3597}\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt\\ deleted successfully.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06272008_203256

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\wvUMGxwt.dll
C:\WINDOWS\system32\wvUMGxwt.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wvUMGxwt.dll scheduled to be moved on reboot.



DSS log >

Deckard's System Scanner v20071014.68
Run by admin on 2008-06-27 20:38:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38, on 2008-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\admin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\wvUMGxwt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUMGxwt - C:\WINDOWS\SYSTEM32\wvUMGxwt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8807 bytes

-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-27 11:53:40 291328 --a------ C:\OTMoveIt2.exe <Not Verified; OldTimer Tools; OTMoveIt>
2008-06-25 21:58:31 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-25 21:55:29 68096 --a------ C:\WINDOWS\zip.exe
2008-06-25 21:55:29 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-25 21:55:29 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-25 21:55:29 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-25 21:55:29 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-25 21:55:29 98816 --a------ C:\WINDOWS\sed.exe
2008-06-25 21:55:29 80412 --a------ C:\WINDOWS\grep.exe
2008-06-25 21:55:29 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-24 21:48:38 0 d-------- C:\Program Files\VideoCAM GE111
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files\PCCamera
2008-06-24 13:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-24 10:57:09 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-06-23 14:03:24 0 d-------- C:\Documents and Settings\admin\Application Data\Playrix Entertainment
2008-06-23 10:40:25 0 d-------- C:\WINDOWS\Supermarket Mania
2008-06-23 09:58:58 0 d-------- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-23 09:35:34 24576 --a------ C:\WINDOWS\system32\wvUMGxwt.dll
2008-06-17 22:47:23 0 d-------- C:\WINDOWS\Album
2008-06-17 20:56:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-14 10:57:34 230432 --a------ C:\StiImg.dat
2008-06-11 12:56:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-10 20:56:16 0 d-------- C:\Documents and Settings\admin\Application Data\Skype
2008-06-10 20:56:00 0 d-------- C:\Program Files\Skype
2008-06-10 20:55:59 0 d-------- C:\Program Files\Common Files\Skype
2008-06-09 12:12:21 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-06-09 12:11:38 0 d-------- C:\Program Files\Image-Line
2008-06-09 12:11:18 0 d-------- C:\Program Files\Outsim
2008-06-08 21:27:34 0 d-------- C:\WINDOWS\Balloon Bliss
2008-06-08 21:23:37 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-08 18:20:58 0 d-------- C:\Documents and Settings\admin\Application Data\Alawar
2008-06-08 18:15:25 0 d-------- C:\Program Files\Alawar
2008-06-07 21:21:25 0 d-------- C:\Documents and Settings\admin\Application Data\WinRAR
2008-06-06 21:05:54 0 d-------- C:\Program Files\VirusTotalUploader
2008-06-02 07:32:16 0 d-------- C:\Documents and Settings\All Users\SonicStage
2008-05-30 00:01:35 0 d-------- C:\Program Files\Sony Corporation
2008-05-30 00:00:53 770048 --a------ C:\WINDOWS\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module>
2008-05-30 00:00:53 585728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module>
2008-05-30 00:00:53 73728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module>
2008-05-30 00:00:53 643072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
2008-05-30 00:00:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-29 23:59:53 0 d-------- C:\Program Files\Sony
2008-05-29 23:59:24 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-05-29 23:59:24 0 d-------- C:\Documents and Settings\admin\Application Data\Sony Corporation
2008-05-29 21:14:11 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-27 20:11:45 0 d-------- C:\Documents and Settings\admin\Application Data\skypePM
2008-06-24 21:49:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files
2008-06-17 20:01:04 0 d-------- C:\Program Files\Opera
2008-06-10 09:12:29 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-09 07:45:43 0 d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-06-04 06:46:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 21:13:53 0 d-------- C:\Program Files\Mahjong Holidays 2005
2008-05-31 09:25:56 0 d-------- C:\Documents and Settings\admin\Application Data\AdobeUM
2008-05-30 21:25:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 23:53:12 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
2008-05-23 18:21:20 0 --a------ C:\WINDOWS\XXLGSC
2008-05-22 22:28:52 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-22 22:27:09 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-21 15:32:26 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-21 14:22:07 0 d-------- C:\Program Files\Picasa2
2008-05-19 23:13:33 0 d-------- C:\Documents and Settings\admin\Application Data\vlc
2008-05-19 23:12:56 0 d-------- C:\Program Files\VideoLAN
2008-05-19 21:46:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 21:45:12 0 d-------- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
2008-05-19 19:37:36 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-18 23:46:11 0 d-------- C:\Documents and Settings\admin\Application Data\Comodo
2008-05-18 23:42:20 0 d-------- C:\Program Files\COMODO
2008-05-18 22:58:55 0 d-------- C:\Program Files\SpywareBlaster
2008-05-18 21:23:38 0 d-------- C:\Program Files\CCleaner
2008-05-18 13:59:07 0 d-------- C:\Program Files\Speeditup Free
2008-05-18 13:31:52 0 d-------- C:\Program Files\Java
2008-05-16 11:13:23 0 d-------- C:\Program Files\Trend Micro
2008-05-14 00:51:59 0 d-------- C:\Program Files\PC Translator
2008-05-13 10:48:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-12 21:59:46 0 d-------- C:\Documents and Settings\admin\Application Data\Symantec
2008-05-12 13:33:38 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-12 10:55:14 0 d-------- C:\Program Files\directx
2008-05-11 19:33:10 0 d-------- C:\Program Files\Rockstar Games
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-29 11:08:27 0 d-------- C:\Program Files\BitComet
2008-04-27 15:25:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-27 15:25:31 0 d-------- C:\Documents and Settings\admin\Application Data\.wyzo
2008-04-27 13:31:54 0 d-------- C:\Program Files\LimeWire
2008-04-15 23:38:59 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}]
2008-06-23 09:35 24576 --a------ C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 05:44]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 02:05]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46]
"nwiz"="nwiz.exe" [2008-05-02 22:46 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-18 23:42]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2008-03-23 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 23:07]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 06:46]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 10:07 77824]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"= C:\WINDOWS\system32\wvUMGxwt.dll [2008-06-23 09:35 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt]
wvUMGxwt.dll 2008-06-23 09:35 24576 C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-06-27 20:39:38 ------------

fredik (Security team member)

Re: Please check my log, too many things at once :-(

Post by fredik » 28 Jun 2008 10:08

Download Avenger (by Swandog46) and run it under an administrator account.
- a message will appear; click OK to dismiss it
Paste this entire script (marked in green) into it:
Files to delete:
C:\WINDOWS\system32\wvUMGxwt.dll

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {F86B11F3-0CE1-475F-9541-5329BF7B3597}

- select the whole script and copy it to the clipboard
- then paste it into Avenger using the paste button
- the script will appear in the empty window under the heading: Input script here:
- then click the Execute button
You will be asked whether you want to execute the script; choose Yes
- after the first step completes, you will be asked to restart the computer; choose Yes again

After the PC restarts and Windows comes back up, a log will be displayed; paste it here together with a new DSS log.
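The two cleanup scripts in this thread (the OTMoveIt2 one above and the Avenger one in this post) target the same four entries: the DLL file, its Browser Helper Object CLSID key, its Winlogon Notify key and its ShellExecuteHooks value. The Python below is an added editor's example, not part of the thread and not code from OTMoveIt2, Avenger, HijackThis or DSS. It shows how those targets fall out of the log itself once every DLL is correlated against the load points that reference it: a DLL that shows up as an unnamed BHO and is also wired into ShellExecuteHooks and Winlogon Notify stands out from legitimate products (SUPERAntiSpyware here uses a different DLL for each hook). The sample lines are copied from the DSS dump posted on 27 Jun 2008; the regular expressions and the HKLM key prefixes are assumptions about the log format, not documented behaviour of any of the tools.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis section and the
# registry dump of the DSS log posted in this thread on 27 Jun 2008.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\wvUMGxwt.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUMGxwt - C:\WINDOWS\SYSTEM32\wvUMGxwt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 10:07 77824]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"= C:\WINDOWS\system32\wvUMGxwt.dll [2008-06-23 09:35 24576]
"""

# Assumed line shapes (based on the log excerpts above, not on tool docs).
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
HOOK_RE = re.compile(r'^"\{(?P<clsid>[0-9A-Fa-f-]{36})\}"= (?P<path>.+?) \[')

# Registry locations behind each load point (assumed standard HKLM paths).
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
HOOK_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"


def parse_persistence(text):
    """Map each DLL path (lower-cased, so SYSTEM32 and system32 merge) to the
    persistence points that load it."""
    loads = defaultdict(list)
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")  # remember which registry dump we are in
            continue
        m = BHO_RE.match(line)
        if m:
            loads[m.group("path").lower()].append(
                {"kind": "bho", "name": m.group("name"),
                 "clsid": m.group("clsid"), "path": m.group("path")})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            loads[m.group("path").lower()].append(
                {"kind": "winlogon_notify", "name": m.group("name"),
                 "path": m.group("path")})
            continue
        m = HOOK_RE.match(line)
        if m and section.lower().endswith("shellexecutehooks"):
            loads[m.group("path").lower()].append(
                {"kind": "shell_execute_hook", "clsid": m.group("clsid"),
                 "path": m.group("path")})
    return loads


def find_suspects(loads):
    """Flag DLLs that look like hijacks: an unnamed BHO, or one DLL wired
    into several unrelated load points (BHO + ShellExecuteHooks + Winlogon)."""
    suspects = []
    for points in loads.values():
        reasons = []
        kinds = {p["kind"] for p in points}
        if any(p["kind"] == "bho" and p["name"] == "(no name)" for p in points):
            reasons.append("BHO registered without a name")
        if len(kinds) >= 2:
            reasons.append("same DLL loaded from %d different persistence points" % len(kinds))
        if reasons:
            suspects.append({"path": points[0]["path"], "points": points, "reasons": reasons})
    return suspects


def removal_targets(suspect):
    """Turn a flagged DLL into the file and registry entries a cleanup
    script has to remove: the same set the scripts in this thread list."""
    targets = [("file", suspect["path"])]
    for p in suspect["points"]:
        if p["kind"] == "bho":
            targets.append(("key", BHO_KEY + "\\{" + p["clsid"] + "}"))
        elif p["kind"] == "winlogon_notify":
            targets.append(("key", NOTIFY_KEY + "\\" + p["name"]))
        elif p["kind"] == "shell_execute_hook":
            targets.append(("value", HOOK_KEY + " | {" + p["clsid"] + "}"))
    return targets


if __name__ == "__main__":
    for s in find_suspects(parse_persistence(SAMPLE_LOG)):
        print(s["path"])
        for r in s["reasons"]:
            print("  reason:", r)
        for kind, target in removal_targets(s):
            print("  remove %-5s %s" % (kind, target))
```

Run on the sample, only wvUMGxwt.dll is flagged, with both reasons, and the four targets it reports are the file, the BHO CLSID key, the Winlogon Notify key and the ShellExecuteHooks value. The same correlation also explains the two-step cleanup in the thread: a DLL loaded through a Winlogon Notify entry and a shell execute hook is held open by winlogon.exe and by every shell process, so the user-mode move in the OTMoveIt2 log failed and was deferred to reboot, and the follow-up used a tool that deletes the file at boot before those processes load it.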

Melania

Re: Please check my log, too many things at once :-(

Post by Melania » 28 Jun 2008 10:38

Avenger log >

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\wvUMGxwt.dll" deleted successfully.
Registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}" deleted successfully.
Registry key "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt" deleted successfully.
Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{F86B11F3-0CE1-475F-9541-5329BF7B3597}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.





DSS log >


Deckard's System Scanner v20071014.68
Run by admin on 2008-06-28 10:33:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33, on 2008-06-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\admin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8579 bytes

-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-27 11:53:40 291328 --a------ C:\OTMoveIt2.exe <Not Verified; OldTimer Tools; OTMoveIt>
2008-06-25 21:58:31 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-25 21:55:29 68096 --a------ C:\WINDOWS\zip.exe
2008-06-25 21:55:29 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-25 21:55:29 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-25 21:55:29 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-25 21:55:29 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-25 21:55:29 98816 --a------ C:\WINDOWS\sed.exe
2008-06-25 21:55:29 80412 --a------ C:\WINDOWS\grep.exe
2008-06-25 21:55:29 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-24 21:48:38 0 d-------- C:\Program Files\VideoCAM GE111
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files\PCCamera
2008-06-24 13:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-24 10:57:09 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-06-23 14:03:24 0 d-------- C:\Documents and Settings\admin\Application Data\Playrix Entertainment
2008-06-23 10:40:25 0 d-------- C:\WINDOWS\Supermarket Mania
2008-06-23 09:58:58 0 d-------- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-17 22:47:23 0 d-------- C:\WINDOWS\Album
2008-06-17 20:56:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-14 10:57:34 230432 --a------ C:\StiImg.dat
2008-06-11 12:56:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-10 20:56:16 0 d-------- C:\Documents and Settings\admin\Application Data\Skype
2008-06-10 20:56:00 0 d-------- C:\Program Files\Skype
2008-06-10 20:55:59 0 d-------- C:\Program Files\Common Files\Skype
2008-06-09 12:12:21 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-06-09 12:11:38 0 d-------- C:\Program Files\Image-Line
2008-06-09 12:11:18 0 d-------- C:\Program Files\Outsim
2008-06-08 21:27:34 0 d-------- C:\WINDOWS\Balloon Bliss
2008-06-08 21:23:37 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-08 18:20:58 0 d-------- C:\Documents and Settings\admin\Application Data\Alawar
2008-06-08 18:15:25 0 d-------- C:\Program Files\Alawar
2008-06-07 21:21:25 0 d-------- C:\Documents and Settings\admin\Application Data\WinRAR
2008-06-06 21:05:54 0 d-------- C:\Program Files\VirusTotalUploader
2008-06-02 07:32:16 0 d-------- C:\Documents and Settings\All Users\SonicStage
2008-05-30 00:01:35 0 d-------- C:\Program Files\Sony Corporation
2008-05-30 00:00:53 770048 --a------ C:\WINDOWS\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module>
2008-05-30 00:00:53 585728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module>
2008-05-30 00:00:53 73728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module>
2008-05-30 00:00:53 643072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
2008-05-30 00:00:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-29 23:59:53 0 d-------- C:\Program Files\Sony
2008-05-29 23:59:24 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-05-29 23:59:24 0 d-------- C:\Documents and Settings\admin\Application Data\Sony Corporation
2008-05-29 21:14:11 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-28 09:21:50 0 d-------- C:\Documents and Settings\admin\Application Data\skypePM
2008-06-24 21:49:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files
2008-06-17 20:01:04 0 d-------- C:\Program Files\Opera
2008-06-10 09:12:29 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-09 07:45:43 0 d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-06-04 06:46:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 21:13:53 0 d-------- C:\Program Files\Mahjong Holidays 2005
2008-05-31 09:25:56 0 d-------- C:\Documents and Settings\admin\Application Data\AdobeUM
2008-05-30 21:25:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 23:53:12 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
2008-05-23 18:21:20 0 --a------ C:\WINDOWS\XXLGSC
2008-05-22 22:28:52 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-22 22:27:09 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-21 15:32:26 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-21 14:22:07 0 d-------- C:\Program Files\Picasa2
2008-05-19 23:13:33 0 d-------- C:\Documents and Settings\admin\Application Data\vlc
2008-05-19 23:12:56 0 d-------- C:\Program Files\VideoLAN
2008-05-19 21:46:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 21:45:12 0 d-------- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
2008-05-19 19:37:36 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-18 23:46:11 0 d-------- C:\Documents and Settings\admin\Application Data\Comodo
2008-05-18 23:42:20 0 d-------- C:\Program Files\COMODO
2008-05-18 22:58:55 0 d-------- C:\Program Files\SpywareBlaster
2008-05-18 21:23:38 0 d-------- C:\Program Files\CCleaner
2008-05-18 13:59:07 0 d-------- C:\Program Files\Speeditup Free
2008-05-18 13:31:52 0 d-------- C:\Program Files\Java
2008-05-16 11:13:23 0 d-------- C:\Program Files\Trend Micro
2008-05-14 00:51:59 0 d-------- C:\Program Files\PC Translator
2008-05-13 10:48:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-12 21:59:46 0 d-------- C:\Documents and Settings\admin\Application Data\Symantec
2008-05-12 13:33:38 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-12 10:55:14 0 d-------- C:\Program Files\directx
2008-05-11 19:33:10 0 d-------- C:\Program Files\Rockstar Games
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-29 11:08:27 0 d-------- C:\Program Files\BitComet
2008-04-27 15:25:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-15 23:38:59 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 05:44]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 02:05]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46]
"nwiz"="nwiz.exe" [2008-05-02 22:46 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-18 23:42]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2008-03-23 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 23:07]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 06:46]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 10:07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-06-28 10:34:27 ------------

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Re: Please check my log, too many things at once :-(

Post by fredik » 28 Jun 2008 12:15

So the logs look good. If you have no further problems, do the following steps and that should be all.

- Fix this item in HJT:
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

- I would recommend updating Java.

- Run OTMoveIt2 again and click the CleanUp! button. A list will load and a prompt will appear; click Yes. When it finishes it will ask you to restart; allow that again by choosing Yes.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered.

