Deckard's System Scanner v20071014.68
Run by João on 2008-02-02 15:21:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as João.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:38, on 02-02-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\LGDMEBTN.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Windows\system32\conime.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\WLANClient\WLanClient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\system32\WerCon.exe
C:\Users\João\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOO~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JOO~1\AppData\Local\Temp\xxyxw.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOO~1\AppData\Local\Temp\jkhff.dll,c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Vodafone Mobile Connect.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Gnuf\Casino\casinogame.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Gnuf\Poker\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 12983 bytes

-- Files created between 2008-01-02 and 2008-02-02 -----------------------------

2008-02-02 00:00:51         0 d-------- C:\Program Files\Trend Micro
2008-02-01 20:09:28         0 d-------- C:\VundoFix Backups
2008-02-01 16:05:33         0 d-------- C:\Windows\system32\appmgmt
2008-01-31 00:49:45         0 d-------- C:\Program Files\Google
2008-01-31 00:49:10         0 d-------- C:\Program Files\Picasa2
2008-01-30 16:45:02         0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-30 12:16:38         0 d-------- C:\Program Files\Lavasoft
2008-01-30 12:16:37         0 d-------- C:\Users\All Users\Lavasoft
2008-01-28 12:47:34         0 d-------- C:\inetpub
2008-01-26 20:46:31         0 d-------- C:\Program Files\Common Files\Steam
2008-01-26 20:46:26         0 d-------- C:\Program Files\Steam
2008-01-25 17:49:58         0 d-------- C:\Program Files\MegaSpoof
2008-01-21 00:58:09         0 --a------ C:\Windows\nsreg.dat
2008-01-20 13:48:07         0 d-------- C:\Program Files\VistaCodecPack
2008-01-20 13:36:51         0 d-------- C:\Program Files\WinAVI MP4 Converter
2008-01-20 03:27:40         0 d-------- C:\Users\João\IST
2008-01-20 03:24:51         0 d-------- C:\Program Files\BT Next Evolution
2008-01-20 02:44:29         0 d-------- C:\Program Files\iPod
2008-01-20 02:43:25         0 d-------- C:\Program Files\iTunes
2008-01-20 02:19:59         0 d-------- C:\perflogs
2008-01-18 16:05:34         0 d-------- C:\Users\All Users\InstallShield
2008-01-18 16:01:05         0 d-------- C:\Users\All Users\Vodafone
2008-01-18 15:59:24      8464 --a------ C:\Windows\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-01-16 00:08:28         0 d-------- C:\Program Files\DivX
2008-01-15 22:16:09         0 d-------- C:\Program Files\Teamspeak2_RC2
2008-01-12 15:34:00         0 d-------- C:\Program Files\Hamachi
2008-01-09 00:46:33         0 d-------- C:\Users\All Users\T6
2008-01-09 00:46:33         0 d-------- C:\Program Files\T6
2008-01-07 21:20:03        32 --a------ C:\Users\All Users\ezsid.dat
2008-01-07 21:12:16         0 d-------- C:\Program Files\Skype
2008-01-07 21:12:15         0 d-------- C:\Program Files\Common Files\Skype
2008-01-07 21:11:49         0 d-------- C:\Users\All Users\Skype
2008-01-05 16:36:33         0 d-------- C:\Program Files\SpeedFan


-- Find3M Report ---------------------------------------------------------------

2008-02-02 04:26:52        12 --a------ C:\Windows\bthservsdp.dat
2008-02-02 03:27:50         0 d-------- C:\Users\João\AppData\Roaming\Azureus
2008-02-01 16:14:00         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-30 12:13:35         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 10:58:34         0 d-------- C:\Users\João\AppData\Roaming\Adobe
2008-01-26 20:46:31         0 d-------- C:\Program Files\Common Files
2008-01-26 03:30:43         0 d-------- C:\Program Files\World of Warcraft
2008-01-25 23:17:45         0 d-------- C:\Program Files\PokerStars
2008-01-25 18:37:47         0 d-------- C:\Program Files\Windows Mail
2008-01-25 18:37:45         0 d-------- C:\Program Files\Windows Sidebar
2008-01-25 18:22:28         0 d-------- C:\Users\João\AppData\Roaming\Skype
2008-01-25 16:03:04         0 d-------- C:\Users\João\AppData\Roaming\skypePM
2008-01-21 04:29:35         0 d-------- C:\Users\João\AppData\Roaming\mIRC
2008-01-21 00:58:29         0 d-------- C:\Users\João\AppData\Roaming\Talkback
2008-01-21 00:58:00         0 d-------- C:\Users\João\AppData\Roaming\Mozilla
2008-01-20 02:40:37         0 d-------- C:\Program Files\QuickTime
2008-01-18 16:53:34         0 d-------- C:\Users\João\AppData\Roaming\Vodafone
2008-01-18 16:01:02         0 d-------- C:\Program Files\Vodafone
2008-01-18 16:01:02         0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-15 22:16:23         0 d-------- C:\Users\João\AppData\Roaming\teamspeak2
2008-01-12 16:29:22         0 d-------- C:\Users\João\AppData\Roaming\Hamachi
2008-01-12 14:44:23         0 d-------- C:\Program Files\Microsoft Games
2007-12-31 15:20:21         0 d-------- C:\Users\João\AppData\Roaming\Apple Computer
2007-12-31 15:12:45         0 d-------- C:\Program Files\Apple Software Update
2007-12-31 15:10:26         0 d-------- C:\Program Files\Common Files\Apple
2007-12-31 15:06:57         0 d-------- C:\Users\João\AppData\Roaming\Mp3tag
2007-12-31 14:48:29         0 d-------- C:\Program Files\Mp3tag
2007-12-29 16:06:26         0 d-------- C:\Users\João\AppData\Roaming\Gearbox Software
2007-12-29 15:44:49         0 d-------- C:\Program Files\id Software
2007-12-27 21:05:28      7680 --a------ C:\Windows\system32\ff_vfw.dll
2007-12-25 21:41:08         0 d-------- C:\Program Files\MSXML 4.0
2007-12-24 19:21:44         0 d-------- C:\Program Files\Azureus
2007-12-22 17:09:59         0 dr-h----- C:\Users\João\AppData\Roaming\SecuROM
2007-12-19 14:30:20         0 d-------- C:\Users\João\AppData\Roaming\Sports Interactive
2007-12-18 14:07:43         0 d-------- C:\Users\João\AppData\Roaming\Ahead
2007-12-16 15:53:11         0 d-------- C:\Program Files\Java
2007-12-16 15:50:28         0 d-------- C:\Program Files\Common Files\Java
2007-12-16 14:55:49         0 d-------- C:\Program Files\THQ
2007-12-15 17:40:27         0 d-------- C:\Program Files\eMule
2007-12-15 17:40:26         0 d-------- C:\Users\João\AppData\Roaming\eMule
2007-12-13 16:13:16         0 d-------- C:\Program Files\Ultima Online 2D
2007-12-12 19:41:52         0 d-------- C:\Program Files\UOAM
2007-12-12 18:23:27         0 d-------- C:\Program Files\UOGateway
2007-12-12 17:32:45         0 d-------- C:\Program Files\mIRC
2007-12-12 17:29:23         0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-12-12 14:30:54         0 d-------- C:\Users\João\AppData\Roaming\PLT Scheme
2007-12-11 19:21:05         0 d-------- C:\Program Files\ParadisePoker
2007-12-09 22:50:38         0 d-------- C:\Users\João\AppData\Roaming\Microgaming
2007-12-06 18:09:09         0 d-------- C:\Program Files\Windows Defender
2007-12-06 18:06:39         0 d-------- C:\Program Files\Xilinx
2007-12-06 15:52:03         0 d-------- C:\Program Files\PLT
2007-12-06 15:10:23         0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-05 22:54:55       174 --ahs---- C:\Program Files\desktop.ini
2007-12-05 22:52:22         0 d-------- C:\Program Files\Windows Calendar
2007-12-05 22:20:51         0 d-------- C:\Program Files\Common Files\Adobe
2007-12-05 22:17:59         0 d-------- C:\Program Files\Common Files\Control Panels
2007-12-05 21:41:44         0 d-------- C:\Program Files\Bonjour
2007-12-05 21:32:51         0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-05 21:16:48         0 d-------- C:\Users\João\AppData\Roaming\ATI
2007-12-05 21:08:03         0 d-------- C:\Program Files\Synaptics
2007-12-05 21:04:07         0 d-------- C:\Program Files\Realtek
2007-12-05 21:02:56         0 d-------- C:\Program Files\LG Software
2007-12-05 21:00:14         0 d-------- C:\Program Files\Softex
2007-12-05 20:54:16         0 d-------- C:\Program Files\Windows Live
2007-12-05 20:53:56         0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-05 20:53:19         0 d-------- C:\Program Files\Intel
2007-12-05 20:52:00         0 d-------- C:\Users\João\AppData\Roaming\InstallShield
2007-12-05 20:51:42         0 d-------- C:\Program Files\Fingerprint Sensor
2007-12-05 20:49:02         0 d-------- C:\Program Files\ATI Technologies
2007-12-05 20:47:48         0 d-------- C:\Program Files\ATI
2007-12-05 20:37:55         0 d--h----- C:\Program Files\Zero G Registry
2007-12-05 20:35:57         0 d-------- C:\Program Files\Sports Interactive
2007-12-05 20:28:09         0 d-------- C:\Program Files\Common Files\Ahead
2007-12-05 20:26:33         0 d-------- C:\Program Files\Nero
2007-12-05 20:20:31         0 d-------- C:\Program Files\Alwil Software
2007-12-05 20:15:00         0 d-------- C:\Program Files\Microsoft Works
2007-12-05 20:14:41         0 d-------- C:\Program Files\MSBuild
2007-12-05 20:13:29         0 d-------- C:\Program Files\Microsoft.NET
2007-12-05 20:10:03         0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-05 19:56:07         0 d-------- C:\Program Files\DAEMON Tools
2007-12-05 19:51:18         7 --a------ C:\Windows\system32\CurrentName.dat
2007-12-05 19:51:18      4096 --a------ C:\Windows\system32\19301.sys
2007-12-05 19:44:59         0 d-------- C:\Users\João\AppData\Roaming\WinRAR
2007-12-05 19:32:31         0 d-------- C:\Users\João\AppData\Roaming\Macromedia
2007-12-05 19:20:53         0 d-------- C:\Users\João\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [06-12-2007 15:13]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04-12-2007 13:00]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12-01-2006 15:40]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10-11-2006 12:35]
"BatteryMiser 5"="C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe" [25-04-2007 14:03]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [29-09-2006 12:39]
"LG Direct Media Button Service"="LGDMEBTN.exe" [14-12-2006 19:50 C:\Windows\System32\LGDMEBTN.exe]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [22-12-2006 16:18]
"KeybdUtility"="C:\Program Files\LG Software\On Screen Display\HotKey.exe" [15-02-2007 09:55]
"RtHDVCpl"="RtHDVCpl.exe" [29-12-2006 00:00 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12-01-2007 13:36]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [22-10-2006 23:24]
"@"="" []
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [20-03-2007 16:40]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24-08-2007 07:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10-01-2008 15:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15-01-2008 03:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [25-01-2008 15:23]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [15-01-2007 16:14]
"MobileConnect.EXE"="C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" [13-07-2007 16:37]
"MSServer"="C:\Users\JOO~1\AppData\Local\Temp\xxyxw.dll,#1" []
"cmds"="C:\Users\JOO~1\AppData\Local\Temp\jkhff.dll,c" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28-01-2008 11:43]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02-11-2006 12:36]

C:\Users\JoÆo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Vodafone Mobile Connect.lnk - C:\Windows\Installer\{1ECCE5C7-7C28-4384-8711-90228FCFDFA8}\NewShortcut8_B9D0823E49B04B5B9B0C5415624F0666.exe [18-01-2008 16:02:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= C:\Windows\system32\bmpsap.dll [11-12-2006 15:58 114688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService	nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted	hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork	PLA DPS BFE mpssvc
LocalServiceNetworkRestricted	DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
bthsvcs	BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{177a6602-a38e-11dc-80b2-806e6f6e6963}]
AutoRun\command- E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{177a66cb-a38e-11dc-80b2-000df026fb93}]
AutoRun\command- E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8914b69d-b32d-11dc-a439-000df026fb93}]
AutoRun\command- G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8914b69e-b32d-11dc-a439-000df026fb93}]
AutoRun\command- G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca5b9806-aca5-11dc-a5df-000df026fb93}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
Open(0)\command- F:\Recycled\ctfmon.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-02-02 15:22:16 ------------