Deckard's System Scanner v20071014.68 Run by Tit Kian on 2008-07-25 01:38:07 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 17: 2008-07-24 17:38:19 UTC - RP730 - Deckard's System Scanner Restore Point 16: 2008-07-23 21:13:23 UTC - RP729 - System Checkpoint 15: 2008-07-22 20:43:08 UTC - RP728 - System Checkpoint 14: 2008-07-21 03:30:16 UTC - RP727 - Deckard's System Scanner Restore Point 13: 2008-07-17 17:21:49 UTC - RP726 - System Checkpoint -- First Restore Point -- 1: 2008-07-02 13:34:40 UTC - RP714 - System Checkpoint Performed disk cleanup. -- HijackThis (run as Tit Kian.exe) -------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:38:28, on 2008-7-25 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\uTorrent\uTorrent.exe C:\WINDOWS\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\WScript.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Tit Kian\desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\TITKIA~1.EXE O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Policies\Explorer\Run: [Explorer] xiao.vbs O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Explorer] xiao.vbs (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Explorer] xiao.vbs (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE -- End of file - 8528 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080721-111513-512 O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe backup-20080721-111513-542 O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) backup-20080721-111513-578 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzed004YYMY_ZZzer000 backup-20080721-111513-584 O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Explorer] xiao.vbs (User 'Default user') backup-20080721-111513-689 O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe backup-20080721-111513-717 O4 - HKLM\..\Policies\Explorer\Run: [lljy_df] C:\WINDOWS\system\llzjy080718.exe backup-20080721-111513-762 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) backup-20080721-111513-875 O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe backup-20080721-111513-915 O4 - HKCU\..\Policies\Explorer\Run: [{A85EEF68-0BC6-1033-1208-050509050001}] "C:\Program Files\Common Files\{A85EEF68-0BC6-1033-1208-050509050001}\Update.exe" mc-110-12-0001232 backup-20080721-111513-970 R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file) -- File Associations ----------------------------------------------------------- [COLOR=red].reg - regfile - shell\open\command - regedit.exe "%1" %*[/COLOR] [COLOR=red].scr - scrfile - shell\open\command - "%1" %*[/COLOR] -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing) S3 XDva170 - c:\windows\system32\xdva170.sys (file missing) S3 XDva177 - c:\windows\system32\xdva177.sys (file missing) S3 XDva186 - c:\windows\system32\xdva186.sys (file missing) S3 XDva187 - c:\windows\system32\xdva187.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" S2 UTSCSI (USBest Service Zero) - c:\windows\system32\utscsi.exe S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Process Modules ------------------------------------------------------------- C:\WINDOWS\system32\winlogon.exe (pid 700) 2007-10-21 22:48:00 229376 --a------ C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll 2007-09-27 12:40:14 488523 --a------ C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll 2007-07-11 15:06:58 28740 --a------ C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll 2002-07-30 11:33:00 45056 --a------ C:\WINDOWS\system32\NavLogon.dll C:\WINDOWS\system32\svchost.exe (pid 1128) 2007-09-27 12:40:14 488523 --a------ C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll 2007-07-11 15:06:58 28740 --a------ C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll C:\WINDOWS\explorer.exe (pid 260) 2007-09-27 12:40:14 488523 --a------ C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll 2007-07-11 15:06:58 28740 --a------ C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll 2006-12-01 22:54:32 626688 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll 2006-12-01 22:56:00 96256 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll 2005-04-19 19:02:58 69632 --a------ C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll 2006-04-18 18:15:22 126464 --a------ C:\Program Files\WinRAR\RarExt.dll 2008-03-15 07:52:17 221184 --a------ C:\Program Files\PowerISO\PWRISOSH.DLL 2002-07-30 11:35:14 40960 --a------ C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll -- Files created between 2008-06-25 and 2008-07-25 ----------------------------- 2008-07-21 21:52:17 0 d-------- C:\Documents and Settings\Tit Kian\Application Data\Malwarebytes 2008-07-21 21:52:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-21 21:51:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-21 11:42:56 15316 ---hs---- C:\WINDOWS\system32\xiao.vbs 2008-07-21 11:22:44 84250454 --a------ C:\registrybackup.reg 2008-07-21 02:12:59 8038 --a------ C:\WINDOWS\3.exe 2008-07-21 00:50:32 0 d-------- C:\Program Files\Trend Micro 2008-07-21 00:46:31 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI 2008-07-20 23:15:41 12178 --a------ C:\WINDOWS\14.exe 2008-07-20 23:15:20 12178 --a------ C:\WINDOWS\10.exe 2008-07-20 23:14:59 8038 --a------ C:\WINDOWS\7.exe 2008-07-20 23:14:43 12179 --a------ C:\WINDOWS\5.exe 2008-07-20 23:14:31 8038 --a------ C:\WINDOWS\4.exe 2008-07-20 23:05:52 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia 2008-07-20 23:01:35 0 dr------- C:\Documents and Settings\NetworkService\Favorites 2008-07-09 17:09:27 0 d-------- C:\Program Files\MSBuild 2008-07-09 16:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help -- Find3M Report --------------------------------------------------------------- 2008-07-25 01:39:13 0 d-------- C:\Documents and Settings\Tit Kian\Application Data\uTorrent 2008-07-22 00:41:28 0 d-------- C:\Program Files\Windows Live Safety Center 2008-07-21 11:18:44 0 d-------- C:\Program Files\Common Files 2008-07-18 02:39:48 0 d-------- C:\Program Files\uTorrent 2008-07-09 17:09:42 0 d-------- C:\Program Files\Microsoft Works 2008-06-21 13:21:51 0 d-------- C:\Documents and Settings\Tit Kian\Application Data\LimeWire 2008-06-18 19:31:20 33184 --a------ C:\Documents and Settings\Tit Kian\Application Data\GDIPFONTCACHEV1.DAT 2008-06-17 10:53:41 0 d-------- C:\Documents and Settings\Tit Kian\Application Data\Adobe 2008-06-03 00:45:17 0 d-------- C:\Program Files\Bonjour 2008-06-03 00:45:12 0 d-------- C:\Program Files\Common Files\Adobe 2008-06-03 00:25:31 0 d-------- C:\Program Files\Common Files\Macrovision Shared 2008-06-02 17:48:04 0 d-------- C:\Program Files\PowerISO 2008-06-01 21:22:30 0 d-------- C:\Program Files\Java 2008-06-01 21:10:42 0 d-------- C:\Documents and Settings\Tit Kian\Application Data\OpenOffice.org2 -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 C:\WINDOWS\RTHDCPL.exe] "Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35] "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 11:35] "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-10-25 18:58] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32] "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 12:00] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 07:50] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-03-25 14:38] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-4 19:56:55] ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-6 1:07:30] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "DisableTaskMgr"=0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "DisableTaskMgr"=0 (0x0) "NoDispAppearancePage"=0 (0x0) "NoDispBackgroundPage"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] "Explorer"=xiao.vbs [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktopChanges"=0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run] "Explorer"=xiao.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-10-21 22:48 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avg.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccevtmgr.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccsetmgr.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defwatch.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fwmain.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gr9x3863r.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guid.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvxp.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvxp_1.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpstart.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psview.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\snipesword.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spidernet.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\srgui.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssm.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\woptiutilities.exe] DEBUGGER=SDF [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{042d1dc1-ace4-11da-b206-001485c3f393}] AutoRun\command- wscript.exe xiao.vbs find\Command- wscript.exe xiao.vbs open\Command- wscript.exe xiao.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{072cfe37-c9f8-11da-b221-001485c3f393}] AutoRun\command- wscript.exe xiao.vbs find\Command- wscript.exe xiao.vbs open\Command- wscript.exe xiao.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21d8b674-5912-11dc-b2fe-001485c3f393}] AutoRun\command- ek.com explore\Command- ek.com open\Command- ek.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3600a03c-6b37-11dc-b316-001485c3f393}] Autoplay\command- MySexy.exe AutoRun\command- MySexy.exe Explore\command- MySexy.exe OPEN\command- MySexy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6245513-52d8-11dd-bff2-001485c3f393}] AutoRun\command- wscript.exe xiao.vbs find\Command- wscript.exe xiao.vbs open\Command- wscript.exe xiao.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae34f91c-a5f2-11db-b2ab-001485c3f393}] Auto\command- RavMonE.exe e AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae34f91f-a5f2-11db-b2ab-001485c3f393}] Auto\command- F:\RavMonE.exe e AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e -- End of Deckard's System Scanner: finished at 2008-07-25 01:40:06 ------------