Alot of scanning later:
SDFix:
SDFix: Version 1.201 Run by Viper Jr on 06-Jul-08 at 02:27 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-07-06 02:31:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:fa,f8,aa,ef,11,04,d8,03,72,26,bb,7c,df,84,88,66,ec,ea,f3,4e,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,85,b9,79,21,32,d3,2d,2d,8d,aa,c3,b5,83,92,10,05,7b,..
"khjeh"=hex:7d,87,fc,af,b4,63,fc,33,3c,8d,fe,9f,7a,3f,4c,4d,3f,bf,ec,da,f2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a0,af,d8,6f,90,e0,a5,bb,e5,45,18,13,a1,e0,50,b3,22,f4,8d,d3,3c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:fa,f8,aa,ef,11,04,d8,03,72,26,bb,7c,df,84,88,66,ec,ea,f3,4e,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,85,b9,79,21,32,d3,2d,2d,8d,aa,c3,b5,83,92,10,05,7b,..
"khjeh"=hex:7d,87,fc,af,b4,63,fc,33,3c,8d,fe,9f,7a,3f,4c,4d,3f,bf,ec,da,f2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a0,af,d8,6f,90,e0,a5,bb,e5,45,18,13,a1,e0,50,b3,22,f4,8d,d3,3c,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Entertainment\\Spel\\Rise of Legends\\legends.exe"="D:\\Entertainment\\Spel\\Rise of Legends\\legends.exe:*:Enabled:Rise Of Legends"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Entertainment\\Spel\\EVE-Online\\bin\\ExeFile.exe"="D:\\Entertainment\\Spel\\EVE-Online\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\\Entertainment\\Spel\\DarkPlanet\\Dark.exe"="D:\\Entertainment\\Spel\\DarkPlanet\\Dark.exe:*:Enabled:Dark"
"D:\\Entertainment\\Spel\\The Lord of The Ring-Battle for Middle-earth II\\game.dat"="D:\\Entertainment\\Spel\\The Lord of The Ring-Battle for Middle-earth II\\game.dat:*:Enabled:The Battle for Middle-earth II"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"D:\\Entertainment\\Spel\\NeverWinter Nights 2\\nwn2main.exe"="D:\\Entertainment\\Spel\\NeverWinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"D:\\Entertainment\\Spel\\NeverWinter Nights 2\\nwn2main_amdxp.exe"="D:\\Entertainment\\Spel\\NeverWinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"D:\\Entertainment\\Spel\\NeverWinter Nights 2\\nwupdate.exe"="D:\\Entertainment\\Spel\\NeverWinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"D:\\Entertainment\\Spel\\NeverWinter Nights 2\\nwn2server.exe"="D:\\Entertainment\\Spel\\NeverWinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"D:\\Entertainment\\Spel\\Empire at War\\GameData\\sweaw.exe"="D:\\Entertainment\\Spel\\Empire at War\\GameData\\sweaw.exe:*:Enabled:Petroglyph"
"D:\\Entertainment\\Spel\\Empire at War\\Forces of Corruption\\swfoc.exe"="D:\\Entertainment\\Spel\\Empire at War\\Forces of Corruption\\swfoc.exe:*:Enabled:Star Wars®: Empire at War: Forces of Corruption"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Entertainment\\Spel\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"="D:\\Entertainment\\Spel\\Sins of a Solar Empire\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
Files with Hidden Attributes :
Wed 20 Feb 2008 24 ..SH. --- "C:\WINDOWS\S16DEF127.tmp"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 22 Jun 2008 320,000 ...H. --- "C:\Documents and Settings\Viper Jr\Desktop\EVE\~WRL0003.tmp"
Sun 22 Jun 2008 276,480 ...H. --- "C:\Documents and Settings\Viper Jr\Desktop\EVE\~WRL0005.tmp"
Sun 22 Jun 2008 253,440 ...H. --- "C:\Documents and Settings\Viper Jr\Desktop\EVE\~WRL3123.tmp"
Sat 21 Jun 2008 6,741 ...HR --- "C:\Documents and Settings\Viper Jr\Application Data\SecuROM\UserData\securom_v7_01.bak"
Finished!MBAM:
Malwarebytes' Anti-Malware 1.19
Database version: 924
Windows 5.1.2600 Service Pack 2
3:11:23 AM 06-Jul-08
mbam-log-7-6-2008 (03-11-23).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 198072
Time elapsed: 32 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Windows Sound (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Kaspersky:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 06, 2008 12:05:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/07/2008
Kaspersky Anti-Virus database records: 916362
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
F:\
Scan Statistics:
Total number of scanned objects: 168686
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 02:51:49
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Viper Jr\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped
C:\Documents and Settings\Viper Jr\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped
C:\Documents and Settings\Viper Jr\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped
C:\Documents and Settings\Viper Jr\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Viper Jr\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Viper Jr\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Viper Jr\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Viper Jr\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Viper Jr\ntuser.dat Object is locked skipped
C:\Documents and Settings\Viper Jr\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe Infected: Trojan-Spy.Win32.Agent.bzz skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D4C4CA5F-D777-4737-9985-D06B82207499}\RP159\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{D4C4CA5F-D777-4737-9985-D06B82207499}\RP159\change.log Object is locked skipped
Scan process completed.
DSS main:
Deckard's System Scanner v20071014.68
Run by Viper Jr on 2008-07-06 12:08:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
66: 2008-07-06 10:08:13 UTC - RP160 - Deckard's System Scanner Restore Point
65: 2008-07-06 00:10:14 UTC - RP159 - Installed Grand Theft Auto Vice City
64: 2008-07-06 00:08:37 UTC - RP158 - Removed Grand Theft Auto Vice City
63: 2008-07-05 20:00:38 UTC - RP157 - Installed LEGO Star Wars II
62: 2008-07-05 00:25:30 UTC - RP156 - System Checkpoint
-- First Restore Point --
1: 2008-04-18 21:31:26 UTC - RP95 - Configured Heroes of Might & Magic V: Hammers of Fate - Patch 2.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Viper Jr.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:42 PM, on 06-Jul-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2008\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Viper Jr\Desktop\dss.exe
C:\PROGRA~1\JIJACK~1\Viper Jr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2008\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5484 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*.scr - scrfile - shell\open\command - "%1" %*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech iWheelWorks Mouse Driver>
R3 Amps2prt (A4Tech PS/2 Port Mouse Driver) - c:\windows\system32\drivers\amps2prt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech iWheelWorks Mouse Driver>
R3 catchme - c:\docume~1\viperj~1\locals~1\temp\catchme.sys (file missing)
R3 TrioLinkerII - c:\windows\system32\drivers\tlkerii.sys <Not Verified; EMS Ltd; TrioLinker Plus II>
S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech iWheelWorks Mouse Driver>
S3 Arfumftr (A4Tech USB RF-Mouse filter driver) - c:\windows\system32\drivers\arfumftr.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech iWheelWorks Mouse Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_1969&DEV_2048&SUBSYS_82331043&REV_A0\4&38D2602C&0&00E1
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_2048&SUBSYS_82331043&REV_A0\4&38D2602C&0&00E1
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: Applied Networking Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
-- Files created between 2008-06-06 and 2008-07-06 -----------------------------
2008-07-06 02:24:41 0 d-------- C:\WINDOWS\ERUNT
2008-07-06 02:09:02 0 dr-h----- C:\Documents and Settings\Viper Jr\Recent
2008-06-26 20:27:14 0 d-------- C:\Program Files\Fraps
2008-06-26 17:45:30 0 d--h----- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-06-25 23:17:14 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-25 23:17:14 0 d-------- C:\Documents and Settings\Viper Jr\Application Data\skypePM
2008-06-25 23:15:38 0 d-------- C:\Documents and Settings\Viper Jr\Application Data\Skype
2008-06-25 23:15:25 0 d-------- C:\Program Files\Skype
2008-06-25 23:15:24 0 d-------- C:\Program Files\Common Files\Skype
2008-06-25 23:15:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-23 03:41:29 0 d-------- C:\Program Files\exSTUFFExplorer
2008-06-19 17:34:24 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 12:28:36 0 d-------- C:\Program Files\Ad-Aware 2008
2008-06-13 12:28:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 12:44:53 0 d-------- C:\Documents and Settings\Viper Jr\Application Data\Atari
2008-06-11 07:35:52 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-11 07:34:47 197120 --a------ C:\WINDOWS\patchw32.dll
2008-06-11 07:34:47 0 d-------- C:\Program Files\Common Files\PocketSoft
2008-06-09 13:31:53 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-09 13:21:01 0 d-------- C:\Program Files\Bonjour
2008-06-09 13:14:58 0 d-------- C:\Program Files\Common Files\Macrovision Shared
-- Find3M Report ---------------------------------------------------------------
2008-07-06 12:08:42 0 d-------- C:\Program Files\JijackThis
2008-07-06 02:37:53 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 02:10:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-04 21:10:31 0 d-------- C:\Documents and Settings\Viper Jr\Application Data\Adobe
2008-06-25 23:15:24 0 d-------- C:\Program Files\Common Files
2008-06-21 20:57:44 0 d-------- C:\Documents and Settings\Viper Jr\Application Data\Bioshock
2008-06-17 01:53:48 0 d-------- C:\Documents and Settings\Viper Jr\Application Data\Winamp
2008-06-13 11:51:50 0 d-------- C:\Documents and Settings\Viper Jr\Application Data\EVEMon
2008-06-09 13:20:59 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-09 13:06:32 0 d-------- C:\Program Files\FlashFXP
2008-05-24 23:30:49 19 --a------ C:\WINDOWS\popcinfo.dat
2008-05-19 20:06:43 0 d-------- C:\Documents and Settings\Viper Jr\Application Data\Hamachi
2008-05-15 22:07:00 0 d-------- C:\Program Files\Unity
2008-05-15 20:27:22 0 d-------- C:\Program Files\Hamachi
2008-05-11 16:14:35 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-04-15 08:59:19 1 --a------ C:\WINDOWS\system32\SI.bin
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05-Dec-07 02:41 AM]
"RTHDCPL"="RTHDCPL.EXE" [10-Apr-07 09:28 AM C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05-Dec-07 02:41 AM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [13-Mar-08 04:48 PM]
"NodLogin"="C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [29-Jan-08 03:57 PM]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [25-Aug-04 05:31 PM]
"nwiz"="nwiz.exe" [05-Dec-07 02:41 AM C:\WINDOWS\system32\nwiz.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28-Jan-08 12:43 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [14-Feb-08 01:09 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [15-Oct-06 06:41 PM]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9282b63a-1d9d-11dd-864d-0015e9f00c7c}]
AutoRun\command- WD_Windows_Tools\Setup.exe
-- End of Deckard's System Scanner: finished at 2008-07-06 12:09:04 ------------
DSS-extra comming up in next post!
Edited by Viper Jr., 06 July 2008 - 04:37 AM.