This afternoon, flagged again.
Here is my log:
Deckard's System Scanner v20071014.68
Run by Andre on 2008-03-14 23:45:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
13: 2008-03-15 03:46:11 UTC - RP13 - Deckard's System Scanner Restore Point
12: 2008-03-14 22:27:50 UTC - RP12 - Installed CA Desktop DNA Migrator
11: 2008-03-14 22:26:14 UTC - RP11 - Installed CA Parental Controls
10: 2008-03-13 13:56:29 UTC - RP10 - Installed Ad-Aware 2007
9: 2008-03-12 01:57:13 UTC - RP9 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-03-11 12:44:28 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Andre.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:34 PM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
D:\DOCUMENTS\Downloads\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\DOCUME~1\Andre\Desktop\Andre.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkmcreative.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {01669be4-3f87-b49a-6774-773e8f38aab3} - {3baa83f8-e377-4776-a94b-78f34eb96610} - C:\WINDOWS\system32\cfeswcpp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
O2 - BHO: (no name) - {F60AD3DF-A52E-49F6-8C03-F7483ED2C032} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O2 - BHO: (no name) - {FC9F68DA-8485-41AA-9EA3-FA7C639DC486} - C:\WINDOWS\system32\awttqpo.dll (file missing)
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [BM7327c509] Rundll32.exe "C:\WINDOWS\system32\xoeitpkp.dll",s
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202422383562
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
O24 - Desktop Component 0: (no name) - D:\DOCUMENTS\Personal\mr2\FERRARI.jpg
O24 - Desktop Component 1: (no name) - D:\DOCUMENTS\My Pictures\Viagems e festas\Brasil\Claudia brasil Dez 07\SD530264.JPG
O24 - Desktop Component 2: (no name) - D:\DOCUMENTS\Personal\mr2\Pictures\mr2jul07_5.jpg
O24 - Desktop Component 3: (no name) - D:\DOCUMENTS\My Pictures\Family and friends\Photo_061005_001.jpg
--
End of file - 7569 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\Andre\Desktop\backups\) ---------------
backup-20080206-210757-102 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
backup-20080206-210757-130 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
backup-20080206-210757-664 O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
backup-20080206-210757-778 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
backup-20080206-210757-779 O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
backup-20080206-210757-808 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
backup-20080206-210757-881 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
backup-20080206-210757-931 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080206-210758-135 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201133599859
backup-20080206-210758-273 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080206-210758-303 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080206-210758-716 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
backup-20080311-230522-104 O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080311-230522-110 O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080311-230522-259 O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
backup-20080311-230522-350 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080311-230522-382 O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080311-230522-534 O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
backup-20080311-230522-560 O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080311-230522-570 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
backup-20080311-230522-587 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20080311-230522-649 O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
backup-20080311-230522-653 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
backup-20080311-230522-745 O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080311-230522-848 O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
backup-20080311-230522-858 O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
-- File Associations -----------------------------------------------------------
.scr - AutoCADLTScriptFile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 bpfinder (BACKPACK Finder) - c:\windows\system32\drivers\bpfinder.sys <Not Verified; Micro Solutions, Inc.; BACKPACK Finder>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys
R3 bpflt (BACKPACK Filter) - c:\windows\system32\drivers\bpflt.sys <Not Verified; Micro Solutions, Inc.; BACKPACK Filter>
R3 bpusbflt (BACKPACK USB Filter) - c:\windows\system32\drivers\bpusbflt.sys <Not Verified; Micro Solutions, Inc.; BACKPACK USB Filter>
S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S3 bppccard (BACKPACK PC Card) - c:\windows\system32\drivers\bppccard.sys <Not Verified; Micro Solutions, Inc.; BACKPACK PC Card Driver>
S3 bppnpdrv (BACKPACK Driver) - c:\windows\system32\drivers\bppnpdrv.sys <Not Verified; Micro Solutions, Inc.; BACKPACK Plug and Play Driver>
S3 bpusbdrv (BACKPACK USB 1 Cable) - c:\windows\system32\drivers\bpusbdrv.sys <Not Verified; Micro Solutions, Inc.; BACKPACK USB Cable>
S3 btaudio (Bluetooth Audio Device) - c:\windows\system32\drivers\btaudio.sys (file missing)
S3 BTDriver (Bluetooth Virtual Communications Driver) - c:\windows\system32\drivers\btport.sys (file missing)
S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\windows\system32\drivers\btwdndis.sys (file missing)
S3 btwhid - c:\windows\system32\drivers\btwhid.sys (file missing)
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
S3 FXDRV - i:\fxdrv.sys (file missing)
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 rcvpn (SonicWALL VPN Adapter) - c:\windows\system32\drivers\rcvpn.sys (file missing)
S3 SaiNtBus - c:\windows\system32\drivers\saintbus.sys <Not Verified; Saitek; Configuration Software>
S3 W8335XP (NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)) - c:\windows\system32\drivers\wg311v3xp.sys (file missing)
S3 XIRLINK (IBM PC Camera) - c:\windows\system32\drivers\c-itnt.sys <Not Verified; Xirlink, Inc; Xirlink Digital Video PC Camera>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 WinSvchostManager (WinSock Svchost Manager) - c:\windows\system32\svcprs32.exe
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-02-14 and 2008-03-14 -----------------------------
2008-03-14 18:43:56 6 --a------ C:\WINDOWS\system32\mkghj.dll
2008-03-14 18:27:08 0 d-------- C:\Documents and Settings\Andre\Application Data\CallingID
2008-03-14 18:26:37 0 d-------- C:\Program Files\Common Files\Scanner
2008-03-14 18:26:17 2732032 --a------ C:\WINDOWS\system32\win32cpr.dll
2008-03-14 18:26:17 823296 --a------ C:\WINDOWS\system32\svcprs32.exe
2008-03-14 18:26:16 1564771 --a------ C:\WINDOWS\system32\winsflt.dll
2008-03-14 18:26:16 1212416 --a------ C:\WINDOWS\system32\mdmcls32.exe
2008-03-14 18:26:16 11333632 --a------ C:\WINDOWS\cfgmng32.exe
2008-03-14 18:26:15 1830912 --a------ C:\WINDOWS\system32\winsflte.dll <Not Verified; PureSight Inc; PureSight Classification SDK>
2008-03-14 18:26:10 0 d-------- C:\WINDOWS\rnapxs
2008-03-14 18:25:05 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-03-14 18:25:04 0 d-------- C:\Program Files\CA
2008-03-13 16:49:56 0 d-------- C:\VundoFix Backups
2008-03-13 10:07:20 0 d-------- C:\WINDOWS\CAVTemp
2008-03-13 09:56:32 0 d-------- C:\Program Files\Lavasoft
2008-03-13 09:56:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-13 09:55:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-13 09:47:56 93760 --a------ C:\WINDOWS\system32\cfeswcpp.dll
2008-03-13 09:44:55 86080 --a------ C:\WINDOWS\system32\wqirxomq.dll
2008-03-13 09:39:40 90176 --a------ C:\WINDOWS\system32\xoeitpkp.dll
2008-03-11 22:45:30 921632 --a------ C:\PA7311.DAT
2008-03-10 12:19:57 0 d-------- C:\Program Files\Acro Software
2008-03-10 12:19:47 40448 --a------ C:\WINDOWS\system32\gebabcc.dll
2008-03-10 11:26:02 0 d-------- C:\Documents and Settings\Andre\Application Data\Adobe
2008-03-09 19:59:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-09 18:18:08 40448 --a------ C:\WINDOWS\system32\gebbyay.dll
2008-03-09 17:58:46 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-03-09 17:58:15 0 d-------- C:\Program Files\Reference Assemblies
2008-03-09 17:56:11 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-03-09 17:42:10 40448 --a------ C:\WINDOWS\system32\awttsqq.dll
2008-03-09 16:40:53 9208 --ahs---- C:\WINDOWS\system32\rqtss.ini2
2008-03-09 16:30:41 40448 --a------ C:\WINDOWS\system32\ljjgfdb.dll
2008-03-09 16:16:53 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-09 16:02:17 40448 --a------ C:\WINDOWS\system32\iifcyya.dll
2008-03-08 15:27:16 0 d-------- C:\Documents and Settings\Andre\Application Data\wsInspector
2008-03-08 15:24:13 0 d-------- C:\Program Files\Startup Inspector for Windows
2008-03-05 16:44:42 0 d-------- C:\Program Files\Microsoft Works
2008-03-05 15:48:10 0 d-------- C:\Program Files\Common Files\Protexis
2008-03-05 15:48:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-03-05 15:45:59 0 d-------- C:\Program Files\Common Files\Corel
2008-03-05 14:47:01 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\A6C71A4801.sys
2008-03-05 14:47:00 2828 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-03-05 13:54:38 0 d-------- C:\Program Files\Corel
2008-03-05 13:53:20 0 d-------- C:\WINDOWS\Corel
2008-03-04 00:12:41 0 d-------- C:\Program Files\JKM Creative
2008-02-29 18:09:39 0 d-------- C:\p550
2008-02-29 18:07:58 0 d-------- C:\Program Files\IZArc
2008-02-29 17:40:16 0 d-------- C:\Documents and Settings\Andre\Application Data\BitTorrent
2008-02-29 17:39:48 0 d-------- C:\Program Files\DNA
2008-02-29 17:39:48 0 d-------- C:\Documents and Settings\Andre\Application Data\DNA
2008-02-29 17:39:47 0 d-------- C:\Program Files\BitTorrent
2008-02-23 14:57:43 0 d-------- C:\Backup
2008-02-18 20:19:35 157696 --a------ C:\WINDOWS\system32\OggEnc.exe
2008-02-18 20:19:35 145408 --a------ C:\WINDOWS\system32\Lame.exe
2008-02-18 20:19:35 76800 --a------ C:\WINDOWS\system32\Faac.exe
2008-02-18 20:19:31 920576 --a------ C:\WINDOWS\system32\AdjMmsEng.dll <Not Verified; MultiMedia Soft; adjstud Dynamic Link Library>
2008-02-18 20:19:31 0 d-------- C:\Program Files\Xenocode
2008-02-18 20:19:31 0 d-------- C:\Program Files\Audio Sound Recorder for .NET
-- Find3M Report ---------------------------------------------------------------
2008-03-14 18:26:37 0 d-------- C:\Program Files\Common Files
2008-03-14 18:26:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-12 22:35:50 0 d-------- C:\Documents and Settings\Andre\Application Data\Skype
2008-03-12 17:42:15 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-12 17:42:10 0 d-------- C:\Program Files\Analog Devices
2008-03-11 22:24:50 0 d-------- C:\Program Files\Symantec
2008-03-11 22:23:51 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-10 11:24:54 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-05 15:27:42 0 d-------- C:\Documents and Settings\Andre\Application Data\Corel
2008-02-23 22:18:32 0 d-------- C:\Program Files\IBM PC Camera
2008-02-22 14:05:03 0 d-------- C:\Program Files\Thumbs4
2008-02-21 20:03:30 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-13 20:18:11 0 d-------- C:\Program Files\FreePCB
2008-02-13 20:12:26 0 d-------- C:\Program Files\TinyCAD
2008-02-07 14:34:22 0 d-------- C:\Program Files\VIA
2008-02-07 09:34:09 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-02-06 17:06:48 0 d-------- C:\Program Files\SonicWallES
2008-02-05 18:26:45 0 d-------- C:\Program Files\Yahoo!
2008-02-05 18:11:28 0 d-------- C:\Documents and Settings\Andre\Application Data\SonicWALL
2008-02-05 18:08:36 0 d-------- C:\Program Files\Estimate Master
2008-02-05 17:58:17 0 d-------- C:\Documents and Settings\Andre\Application Data\Bullzip
2008-02-03 16:54:36 0 d-------- C:\Documents and Settings\Andre\Application Data\My Battle for Middle-earth Files
2008-02-03 13:11:02 0 d-------- C:\Program Files\EA GAMES
2008-01-28 20:53:05 0 d-------- C:\Program Files\MSDN
2008-01-23 20:20:34 0 d-------- C:\Program Files\MSXML 6.0
2008-01-23 19:56:24 0 d-------- C:\Program Files\Microsoft Silverlight
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3baa83f8-e377-4776-a94b-78f34eb96610}]
03/13/2008 09:47 AM 93760 --a------ C:\WINDOWS\system32\cfeswcpp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F60AD3DF-A52E-49F6-8C03-F7483ED2C032}]
C:\WINDOWS\system32\vtstq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC9F68DA-8485-41AA-9EA3-FA7C639DC486}]
C:\WINDOWS\system32\awttqpo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [01/25/2008 12:40 PM]
"dvHighMem"="C:\WINDOWS\cfgmng32.exe" [11/14/2007 12:34 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [01/11/2008 09:30 PM]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe" [03/14/2008 06:26 PM]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [01/24/2008 04:43 PM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [01/24/2008 04:43 PM]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [01/24/2008 04:43 PM]
"BM7327c509"="C:\WINDOWS\system32\xoeitpkp.dll" [03/13/2008 09:39 AM]
"CaPPcl"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe" [01/11/2008 06:56 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= D:\DOCUMENTS\Personal\mr2\FERRARI.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= D:\DOCUMENTS\My Pictures\Viagems e festas\Brasil\Claudia brasil Dez 07\SD530264.JPG
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= D:\DOCUMENTS\Personal\mr2\Pictures\mr2jul07_5.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= D:\DOCUMENTS\My Pictures\Family and friends\Photo_061005_001.jpg
FriendlyName=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FC9F68DA-8485-41AA-9EA3-FA7C639DC486}"= C:\WINDOWS\system32\awttqpo.dll [ ]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [10/15/2007 09:40 PM 1373624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 05/18/2007 01:30 PM 79368 C:\WINDOWS\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtstq.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=C:\WINDOWS\pss\Office Startup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andre^Start Menu^Programs^Startup^Corel Registration.lnk]
path=C:\Documents and Settings\Andre\Start Menu\Programs\Startup\Corel Registration.lnk
backup=C:\WINDOWS\pss\Corel Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Active Desktop Calendar]
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
"C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PtiuPbmd]
Rundll32.exe ptipbm.dll,SetWriteBack
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=2 (0x2)
"VETMSGNT"=2 (0x2)
"CAISafe"=2 (0x2)
"vsmon"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"NVSvc"=2 (0x2)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
-- End of Deckard's System Scanner: finished at 2008-03-14 23:52:23 ------------