********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
Sun 01/27/2008 19:47:10.03
NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-27 19:47:14
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5e,7e,b0,57,18,31,d8,8b,c5,86,3b,83,92,79,a9,05,16,91,82,e3,43,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,27,bd,bf,4b,bd,dd,61,46,11,04,a1,f2,7d,bb,13,44,..
"khjeh"=hex:cc,a6,34,3d,c8,e8,52,68,9e,67,5f,90,65,a9,97,90,bf,35,6f,65,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3c,29,fb,71,e3,d7,1f,94,5d,f1,f3,50,cf,28,0d,04,aa,83,8c,da,64,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:4c,39,70,ec,d4,21,23,9b,40,c7,51,8e,36,da,f6,16,57,78,56,89,35,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:42,7e,5b,2b,6a,d7,3a,58,62,3f,76,3a,21,79,e6,15,06,59,6c,24,75,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:42,7e,5b,2b,6a,d7,3a,58,62,3f,76,3a,21,79,e6,15,06,59,6c,24,75,..
IPC error: 2 The system cannot find the file specified.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5e,7e,b0,57,18,31,d8,8b,c5,86,3b,83,92,79,a9,05,16,91,82,e3,43,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,27,bd,bf,4b,bd,dd,61,46,11,04,a1,f2,7d,bb,13,44,..
"khjeh"=hex:29,bd,b5,5b,2d,b3,02,e3,ae,bf,73,e7,df,7c,f3,6b,4e,1f,01,bb,da,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3c,29,fb,71,e3,d7,1f,94,5d,f1,f3,50,cf,28,0d,04,aa,83,8c,da,64,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:55,00,bc,17,06,71,b7,71,45,f1,4f,a6,85,61,db,40,34,f3,c6,7b,86,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:42,7e,5b,2b,6a,d7,3a,58,62,3f,76,3a,21,79,e6,15,06,59,6c,24,75,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:42,7e,5b,2b,6a,d7,3a,58,62,3f,76,3a,21,79,e6,15,06,59,6c,24,75,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5e,7e,b0,57,18,31,d8,8b,c5,86,3b,83,92,79,a9,05,16,91,82,e3,43,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,27,bd,bf,4b,bd,dd,61,46,11,04,a1,f2,7d,bb,13,44,..
"khjeh"=hex:29,bd,b5,5b,2d,b3,02,e3,ae,bf,73,e7,df,7c,f3,6b,4e,1f,01,bb,da,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:20,a0,96,9c,3c,49,86,e7,d6,61,0e,6b,2e,a4,b0,cd,89,e3,69,66,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:8f,83,dd,b6,99,ac,c6,a6,9f,49,73,08,84,7b,41,93,7f,c4,f8,04,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:42,7e,5b,2b,6a,d7,3a,58,62,3f,76,3a,21,79,e6,15,06,59,6c,24,75,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:42,7e,5b,2b,6a,d7,3a,58,62,3f,76,3a,21,79,e6,15,06,59,6c,24,75,..
scanning hidden registry entries ...
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
hidden processes: 0
hidden services: 0
hidden files: 0
Deckard's System Scanner v20071014.68
Run by alex on 2008-01-27 19:33:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 17.88 GiB (less than 15%) free.
-- HijackThis (run as alex.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:52 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\alex\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\alex.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-484763869-299502267-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'adge')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
--
End of file - 6448 bytes
-- Files created between 2007-12-27 and 2008-01-27 -----------------------------
2008-01-27 13:54:55 0 d-------- C:\Program Files\SAV
2008-01-27 13:48:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-27 13:48:31 0 d-------- C:\Program Files\Symantec
2008-01-27 01:50:00 0 d-------- C:\Program Files\Trend Micro
2008-01-27 00:59:45 0 d-------- C:\Program Files\Common Files\Java
2008-01-22 22:54:00 0 d-------- C:\Documents and Settings\alex\.housecall6.6
2008-01-22 22:53:46 0 d-------- C:\Documents and Settings\alex\Application Data\Sun
2008-01-22 17:01:26 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-18 23:29:52 0 d-------- C:\Program Files\iPod
2008-01-18 23:29:47 0 d-------- C:\Program Files\iTunes
2008-01-16 17:41:13 0 d-------- C:\Program Files\LG Drivers
2008-01-15 09:45:08 0 d-------- C:\WINDOWS\Sun
2008-01-15 09:45:08 0 d-------- C:\Documents and Settings\adge\Application Data\Sun
2008-01-15 09:41:34 0 d-------- C:\Program Files\Java
2008-01-15 05:57:58 0 d-------- C:\Program Files\Microsoft Research
2008-01-09 16:58:44 0 d-------- C:\Program Files\Rockstar Games
2008-01-06 10:13:12 0 d-------- C:\Program Files\Sierra Entertainment
2008-01-06 09:20:52 0 dr-h----- C:\Documents and Settings\alex\Recent
2008-01-02 18:40:11 0 d-------- C:\Program Files\Pure Networks
2008-01-02 18:38:56 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-01-02 18:13:25 0 d-------- C:\Program Files\Pidgin
2008-01-02 11:41:21 0 d-------- C:\Program Files\PowerISO
2008-01-01 18:03:07 0 d-------- C:\Program Files\America's Army
2008-01-01 15:23:11 0 d-------- C:\Documents and Settings\alex\Application Data\Apple Computer
2008-01-01 15:22:26 0 d-------- C:\Program Files\Common Files\Apple
2008-01-01 12:11:37 0 d-------- C:\Documents and Settings\alex\Application Data\WinRAR
-- Find3M Report ---------------------------------------------------------------
2008-01-27 19:33:44 0 d-------- C:\Documents and Settings\alex\Application Data\Azureus
2008-01-27 19:33:38 0 d-------- C:\Program Files\PeerGuardian2
2008-01-27 19:33:32 0 d-------- C:\Documents and Settings\alex\Application Data\.purple
2008-01-27 19:33:15 0 d-------- C:\Program Files\mIRC
2008-01-27 18:26:37 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-01-27 13:48:57 0 d-------- C:\Program Files\Common Files
2008-01-18 23:29:03 0 d-------- C:\Program Files\QuickTime
2008-01-09 16:58:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-06 09:23:20 0 d-------- C:\Program Files\MagicISO
2008-01-06 09:19:31 0 d-------- C:\Program Files\Winamp
2007-12-26 22:43:08 0 d-------- C:\Documents and Settings\alex\Application Data\Adobe
2007-12-26 22:36:16 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-26 22:34:47 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-12-26 22:28:44 0 d-------- C:\Documents and Settings\alex\Application Data\ACD Systems
2007-12-26 20:19:57 0 d-------- C:\Program Files\DFX
2007-12-25 20:10:40 0 d-------- C:\Program Files\TVersity Codec Pack
2007-12-25 20:10:38 0 d-------- C:\Program Files\ffdshow
2007-12-25 20:09:39 0 d-------- C:\Program Files\TVersity
2007-12-24 18:23:33 0 d-------- C:\Program Files\DIFX
2007-12-23 11:36:04 0 d-------- C:\Documents and Settings\alex\Application Data\Flickr
2007-12-23 02:11:47 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL Library>
2007-12-23 02:10:49 0 d-------- C:\Program Files\Futuremark
2007-12-22 18:50:51 0 d-------- C:\Program Files\Azureus
2007-12-20 21:16:04 0 d-------- C:\Program Files\Valvesoftware
2007-12-18 22:42:36 0 dr------- C:\Documents and Settings\alex\Application Data\Brother
2007-12-17 19:35:02 0 d-------- C:\Documents and Settings\alex\Application Data\BSplayer PRO
2007-12-15 15:04:15 0 d-------- C:\Documents and Settings\alex\Application Data\Dr Glitter
2007-12-15 14:26:18 0 d-------- C:\Program Files\Microsoft Bootvis
2007-12-15 13:02:47 0 d-------- C:\Documents and Settings\alex\Application Data\gtk-2.0
2007-12-14 22:25:52 0 d-------- C:\Documents and Settings\alex\Application Data\mIRC
2007-12-13 22:57:22 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-12-13 22:57:13 0 d-------- C:\Program Files\ACD Systems
2007-12-13 22:39:56 0 d-------- C:\Program Files\CCleaner
2007-12-13 22:39:51 0 d-------- C:\Program Files\Yahoo!
2007-12-13 22:12:15 0 d-------- C:\Documents and Settings\alex\Application Data\Thinstall
2007-12-13 22:01:31 0 d-------- C:\Program Files\Apple Software Update
2007-12-13 21:52:12 0 d-------- C:\Program Files\Ahead
2007-12-13 21:52:10 0 d-------- C:\Program Files\Common Files\Ahead
2007-12-11 17:02:59 0 d-------- C:\Program Files\Activision
2007-12-10 23:59:35 0 d-------- C:\Program Files\DAEMON Tools
2007-12-10 23:25:47 0 d-------- C:\Program Files\Webteh
2007-12-10 23:20:03 34 --a------ C:\WINDOWS\system32\BD2070N.DAT
2007-12-10 23:18:18 0 d-------- C:\Program Files\Brownie
2007-12-10 23:18:13 0 d-------- C:\Program Files\Brother
2007-12-10 23:18:07 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-10 23:14:22 0 d-------- C:\Documents and Settings\alex\Application Data\Macromedia
2007-12-10 23:13:07 0 d-------- C:\Program Files\Intel
2007-12-10 23:10:40 0 d-------- C:\Program Files\Intel Desktop Board Audio Driver
2007-12-10 23:09:42 0 d-------- C:\Program Files\Realtek
2007-12-10 23:09:37 0 d-------- C:\Documents and Settings\alex\Application Data\InstallShield
2007-12-10 23:08:53 0 d-------- C:\Program Files\Creative
2007-12-10 23:08:18 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-12-10 23:08:17 0 d-------- C:\Documents and Settings\alex\Application Data\Creative
2007-12-10 23:07:21 0 d-------- C:\Program Files\NVIDIA Corporation
2007-12-10 23:06:57 0 d-------- C:\Program Files\NVIDIA nTune Performance Application
2007-12-10 23:06:17 0 d-------- C:\Program Files\WinAce
2007-12-10 23:05:12 0 d-------- C:\Program Files\Flickr Uploadr
2007-12-10 23:05:02 0 d-------- C:\Program Files\Common Files\GTK
2007-12-10 22:58:41 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-10 22:58:39 0 d-------- C:\Documents and Settings\alex\Application Data\Mozilla
2007-12-10 22:55:40 0 d-------- C:\Documents and Settings\alex\Application Data\Help
2007-12-10 22:46:05 0 d-------- C:\Program Files\Alwil Software
2007-12-10 22:40:42 0 d-------- C:\Documents and Settings\alex\Application Data\Identities
2007-12-10 22:37:05 0 d-------- C:\Program Files\microsoft frontpage
2007-12-10 22:36:49 0 -rahs---- C:\MSDOS.SYS
2007-12-10 22:36:49 0 -rahs---- C:\IO.SYS
2007-12-10 22:36:49 0 --a------ C:\CONFIG.SYS
2007-12-10 22:36:49 0 --a------ C:\AUTOEXEC.BAT
2007-12-10 22:35:37 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-10 22:34:57 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-10 22:34:51 0 d-------- C:\Program Files\Movie Maker
2007-12-10 22:34:06 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-10 22:33:48 0 d-------- C:\Program Files\Online Services
2007-12-10 22:33:39 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-10 22:33:36 0 d-------- C:\Program Files\Messenger
2007-12-10 22:33:32 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-10 22:33:26 0 d-------- C:\Program Files\Windows NT
2007-12-10 17:19:02 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-10 17:19:00 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-10 17:18:43 62 --ahs---- C:\Documents and Settings\alex\Application Data\desktop.ini
2007-12-05 01:41:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-12-05 01:41:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-12-05 01:41:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 01:41:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-12-05 01:41:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-12-05 01:41:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 01:41:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-12-05 01:41:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [10/01/2007 08:08 PM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [10/29/2007 10:04 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 06:56 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/06/2007 07:06 AM]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [09/04/2007 07:25 PM]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 06:40 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^alex^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\alex\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
"C:\Program Files\AdVantage\AdVantage.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
*Newly Created Service* - NSCTOP
*Newly Created Service* - REPORTING
-- End of Deckard's System Scanner: finished at 2008-01-27 19:34:11 ------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 27, 2008 8:19:52 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/01/2008
Kaspersky Anti-Virus database records: 534290
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\alex\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 11946
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:05:08
Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_618.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_718.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000004-00000000-00000004-00001102-00000004-20021102}.CDF Object is locked skipped
C:\DOCUME~1\alex\LOCALS~1\Temp\etilqs_7NdiBaBbRNtcq8L Object is locked skipped
C:\DOCUME~1\alex\LOCALS~1\Temp\~DF5309.tmp Object is locked skipped
Scan process completed.
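The HijackThis section of the log above is a list of browser-setting (R0/R1), autorun (O4) and service (O23) entries that a helper normally reads by hand. The Python below is an added example, not part of the original post and not code from HijackThis, DSS, catchme or Kaspersky: it parses lines in that format and returns the entries a reviewer should look at first. The trusted-location prefixes, the allow-listed Internet Explorer host, the `Finding` type and the two sample lines labelled constructed are assumptions of the example; the other sample lines are copied from the log. It flags rather than judges: the daemonsearch.com start page is reported as non-default, not as malicious.

```python
"""Added triage helper for HijackThis 2.0.x log lines (example code, not
from the original post or from HijackThis itself).  It parses the R0/R1,
O4 and O23 entries and returns the ones a reviewer should check first."""
import re
from dataclasses import dataclass

# Assumption: autorun/service binaries under these prefixes (including the
# 8.3 short form HijackThis prints, e.g. C:\PROGRA~1) are in expected
# locations.  Anything else is reported for review.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Assumption: the stock Internet Explorer start/search pages point here.
DEFAULT_IE_HOSTS = {"go.microsoft.com"}


@dataclass
class Finding:
    section: str   # "R" (browser setting), "O4" (autorun) or "O23" (service)
    item: str      # the URL or executable path the rule fired on
    reason: str


R_RE = re.compile(r"^R[01] - (?P<key>.+?) = (?P<url>.*)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
EXE_RE = re.compile(r"^(?P<exe>.*?\.(?:exe|dll|com|scr|bat|cmd|pif))(?:\s|$)", re.I)


def command_executable(cmd: str) -> str:
    """Return the program part of an O4 command line (quoted or not)."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()      # drop the "(User '...')" tail
    if cmd.startswith('"'):                        # quoted path, maybe with args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)                          # unquoted path with spaces
    if m:
        return m.group("exe")
    return cmd.split()[0] if cmd else ""           # bare command such as regsvr32


def is_trusted_location(path: str) -> bool:
    return path.lower().startswith(TRUSTED_PREFIXES)


def url_host(url: str) -> str:
    m = re.match(r"^[a-z]+://([^/]+)", url, re.I)
    return m.group(1).lower() if m else ""


def triage(log_text: str) -> list:
    """Return Finding objects for the R0/R1, O4 and O23 lines worth a look."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if (m := R_RE.match(line)):
            url = m.group("url").strip()
            if url and url_host(url) not in DEFAULT_IE_HOSTS:
                findings.append(Finding("R", url,
                    "non-default IE start/search page; confirm the user chose it"))
        elif (m := O4_RE.match(line)):
            exe = command_executable(m.group("cmd"))
            name = m.group("name")
            if "\\" not in exe:
                findings.append(Finding("O4", exe,
                    f"[{name}] runs a bare command resolved through PATH"))
            elif not is_trusted_location(exe):
                findings.append(Finding("O4", exe,
                    f"[{name}] autorun outside Windows/Program Files"))
        elif line.startswith("O23 - Service: "):
            # Format: "Display name (short) - Company - path".  The first
            # field is the display name, the last the path, the rest company.
            parts = line[len("O23 - Service: "):].split(" - ")
            if len(parts) < 3:
                continue
            display, company, path = parts[0], " - ".join(parts[1:-1]), parts[-1]
            if company == "Unknown owner":
                findings.append(Finding("O23", path,
                    f"{display}: binary has no company/version information"))
            elif not is_trusted_location(path):
                findings.append(Finding("O23", path,
                    f"{display}: service binary outside Windows/Program Files"))
    return findings


# Constructed sample input.  The first seven entries are copied from the log
# above; the last two ([updater] and "Example Updater") are constructed to
# exercise the rules and do not come from the page.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\alex\Local Settings\Temp\updater.exe
O23 - Service: Example Updater (exupd) - Unknown owner - C:\WINDOWS\system32\exupd.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason}\n    {f.item}")
```

Run against the sample it reports four items: the daemonsearch.com start page, the ShowDeskFix RunOnce entry (a bare `regsvr32` command resolved through PATH), the constructed autorun in the user's Temp folder, and the constructed service with no company information. The genuine Pure Networks, nTune, PeerGuardian, avast! and Symantec entries pass. The rules are deliberately about location and provenance only; a real review still checks signatures, hashes and the user's own account of what they installed.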