Deckard's System Scanner v20071014.68
Run by Spinal on 2008-02-13 15:57:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
36: 2008-02-13 12:57:29 UTC - RP305 - Deckard's System Scanner Restore Point
35: 2008-02-13 12:25:54 UTC - RP304 -   
34: 2008-02-12 12:15:48 UTC - RP303 -   
33: 2008-02-10 20:23:29 UTC - RP302 -   CSP 2.0   Rutoken
32: 2008-02-10 20:21:11 UTC - RP301 -   CSP 2.0   Rutoken


-- First Restore Point -- 
1: 2008-01-18 13:19:51 UTC - RP270 -   


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Spinal.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00:10, on 13.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Crypto Pro\CSP\cprmcsp.exe
E:\Program Files\Crypto Pro\CSP\cpinit.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\acs.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\rtService.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\WINDOWS\system32\CTHELPER.EXE
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\WINDOWS\system32\devldr32.exe
E:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\CursorXP\CursorXP.exe
E:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
E:\Program Files\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.61 V.1.10\WlanCU.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Documents and Settings\Spinal\ \dss.exe
E:\PROGRA~1\Trend Micro\HijackThis\Spinal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nnm.ru/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: 81.177.17.70 u1.eset.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - E:\PROGRA~1\DOWNLO~1\dmiehlp.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - E:\WINDOWS\AutoLogin\AL2DLL.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - E:\Program Files\ReGet Software\ReGet Deluxe 5.1 DevBuild\IEBar.dll
O4 - HKLM\..\Run: [Outpost Firewall] E:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] E:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Updater] winExplore.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [Windows Updater] winExplore.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CursorXP] "E:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "E:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup:  Microsoft Word.lnk = ?
O4 - Startup: .lnk = ?
O4 - Global Startup: Microtek Scanner Finder.lnk = E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Wireless Configuration Utility HW.61.lnk = E:\Program Files\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.61 V.1.10\WlanCU.exe
O8 - Extra context menu item: &  Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item:  &   ReGet Deluxe - E:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item:     Download Master - E:\Program Files\Download Master\dmieall.htm
O8 - Extra context menu item:    Download Master - E:\Program Files\Download Master\dmie.htm
O8 - Extra context menu item:    Re&Get Deluxe - E:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item:   - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item:   - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item:   - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item:  RoboForm - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button:  - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem:   - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button:  - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem:   - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button:   Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - E:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem:  RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - E:\Program Files\Download Master\dmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - E:\Program Files\Download Master\dmaster.exe
O9 - Extra button:   - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6\ICQ.exe
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {22F5D8C2-F9F9-4B7E-8481-C4B49378D259} (Alfa-Direct Certificate Enrollment Control) - http://www.alfadirect.ru/ADSign/ADCrypto.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{84192981-E049-4721-A4DB-53C7C506694D}: NameServer = 213.234.192.7 195.14.50.21
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - E:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service:   - CSP (cpinit) -  - - E:\Program Files\Crypto Pro\CSP\cpinit.exe
O23 - Service:      - CSP (cprmcsp) -  - - E:\Program Files\Crypto Pro\CSP\cprmcsp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service:   (Eventlog) -   - E:\WINDOWS\system32\services.exe
O23 - Service:  COM  - IMAPI (ImapiService) -   - E:\WINDOWS\system32\imapi.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - E:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Plug and Play (PlugPlay) -   - E:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ruToken Service -  "" - E:\WINDOWS\system32\rtService.exe
O23 - Service: - (SCardSvr) -   - E:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service:    (VSS) -   - E:\WINDOWS\System32\vssvc.exe

--
End of file - 12158 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SandBox (Outpost Firewall Sandbox Driver) - e:\program files\agnitum\outpost firewall\kernel\sandbox.sys <Not Verified; Agnitum Ltd.; SandBox AntiSpyWare System>
R1 VD_FileDisk - e:\windows\system32\drivers\vd_filedisk.sys <Not Verified; Flint Incorporation; VD_FileDisk>
R1 VFILT (Outpost Firewall Kernel Driver) - e:\program files\agnitum\outpost firewall\kernel\filtnt.sys <Not Verified; Agnitum Ltd.; Virtual Firewall>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - e:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>

S3 ADBLOCK.DLL (Outpost Firewall PlugIn (ADBLOCK.DLL)) - e:\program files\agnitum\outpost firewall\kernel\adblock.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 AR5211 (Wireless Network Adapter Service) - e:\windows\system32\drivers\ar5211.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
S3 ARP.DLL (Outpost Firewall PlugIn (ARP.DLL)) - e:\program files\agnitum\outpost firewall\kernel\arp.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 BioNT_BS - e:\program files\7tools\partition manager\bluescrn\biont_bs.sys
S3 blockpst.dll (Outpost Firewall PlugIn (blockpst.dll)) - e:\program files\agnitum\outpost firewall\kernel\blockpst.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 CONTENT.DLL (Outpost Firewall PlugIn (CONTENT.DLL)) - e:\program files\agnitum\outpost firewall\kernel\content.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 DNSCACHE.DLL (Outpost Firewall PlugIn (DNSCACHE.DLL)) - e:\program files\agnitum\outpost firewall\kernel\dnscache.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 emupia (E-mu Plug-in Architecture Driver) - e:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
S3 EverestDriver (Lavalys EVEREST Kernel Driver) - e:\program files\everest platinum\everest platinum\kerneld.wnt
S3 FTPFILT.DLL (Outpost Firewall PlugIn (FTPFILT.DLL)) - e:\program files\agnitum\outpost firewall\kernel\ftpfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 HTMLFILT.DLL (Outpost Firewall PlugIn (HTMLFILT.DLL)) - e:\program files\agnitum\outpost firewall\kernel\htmlfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 HTTPFILT.DLL (Outpost Firewall PlugIn (HTTPFILT.DLL)) - e:\program files\agnitum\outpost firewall\kernel\httpfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 IMAPFILT.DLL (Outpost Firewall PlugIn (IMAPFILT.DLL)) - e:\program files\agnitum\outpost firewall\kernel\imapfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 MAILFILT.DLL (Outpost Firewall PlugIn (MAILFILT.DLL)) - e:\program files\agnitum\outpost firewall\kernel\mailfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 NNTPFILT.DLL (Outpost Firewall PlugIn (NNTPFILT.DLL)) - e:\program files\agnitum\outpost firewall\kernel\nntpfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 POP3FILT.DLL (Outpost Firewall PlugIn (POP3FILT.DLL)) - e:\program files\agnitum\outpost firewall\kernel\pop3filt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 PRODIGY - e:\windows\system32\drivers\prodigy.sys <Not Verified; B-phreaks; >
S3 PROTECT.DLL (Outpost Firewall PlugIn (PROTECT.DLL)) - e:\program files\agnitum\outpost firewall\kernel\protect.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 RTUSB (Rutoken) - e:\windows\system32\drivers\rtusb.sys (file missing)
S3 SECRET.DLL (Outpost Firewall PlugIn (SECRET.DLL)) - e:\program files\agnitum\outpost firewall\kernel\secret.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 VirtualFD - e:\documents and settings\spinal\ \-\vfd21-050404\vfd.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - e:\windows\system32\acs.exe
R2 cpinit (  - CSP) - e:\program files\crypto pro\csp\cpinit.exe <Not Verified;  -;  CSP>
R2 cprmcsp (     - CSP) - e:\program files\crypto pro\csp\cprmcsp.exe <Not Verified;  -;  CSP>
R2 ruToken Service - e:\windows\system32\rtservice.exe <Not Verified;  ""; Rutoken Service>
R3 ServiceLayer - "e:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 OutpostFirewall (Outpost Firewall Service) - e:\program files\agnitum\outpost firewall\outpost.exe /service <Not Verified; Agnitum Ltd.; Outpost Firewall>
S3 NBService - e:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 Ati HotKey Poller - e:\windows\system32\ati2evxx.exe (file missing)
S4 MySql - c:/mysql/bin/mysqld-nt.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
Description:  
Device ID: USBSTOR\DISK&VEN_FOXCONN&PROD_CF__USB2.0_READE&REV_9144\000000000162&0
Manufacturer: (  )
Name: Foxconn CF  USB2.0 Reade USB Device
PNP Device ID: USBSTOR\DISK&VEN_FOXCONN&PROD_CF__USB2.0_READE&REV_9144\000000000162&0
Service: disk

Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
Description:  
Device ID: USBSTOR\DISK&VEN_FOXCONN&PROD_SM__USB2.0_READE&REV_9144\000000000162&1
Manufacturer: (  )
Name: Foxconn SM  USB2.0 Reade USB Device
PNP Device ID: USBSTOR\DISK&VEN_FOXCONN&PROD_SM__USB2.0_READE&REV_9144\000000000162&1
Service: disk

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: IEEE 802.11g Wireless CardBus & PCI Adapter HW.61
Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_2051168C&REV_01\4&2E98101C&0&50F0
Manufacturer: OEM
Name: IEEE 802.11g Wireless CardBus & PCI Adapter HW.61
PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_2051168C&REV_01\4&2E98101C&0&50F0
Service: AR5211

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&2E98101C&0&68F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&2E98101C&0&68F0
Service: RTL8023xp

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: N93
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: N93
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Files created between 2008-01-13 and 2008-02-13 -----------------------------

2008-02-13 16:00:04         0 d-------- E:\Program Files\Trend Micro
2008-02-11 18:32:47         0 d-------- E:\Documents and Settings\\QIP
2008-02-11 18:16:12         0 d-------- E:\Documents and Settings\\QIP Infium
2008-02-11 18:15:23   4322387 --a------ E:\Documents and Settings\\qipinfium.exe
2008-02-10 23:24:15         0 d-------- E:\Program Files\Crypto Pro
2008-02-07 21:36:24         0 d-------- E:\WINDOWS\CSC
2008-02-07 21:18:28         0 d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-02-02 23:39:05         0 d-------- E:\Documents and Settings\\Application Data\Sun
2008-02-02 22:30:09         0 dr-h----- E:\Documents and Settings\LocalService\Recent
2008-02-01 01:28:36         0 d-------- E:\Documents and Settings\Spinal\Iie aieoiaiou
2008-01-29 19:59:59         0 d-------- E:\Program Files\ImTOO
2008-01-27 00:12:07         0 d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2008-01-24 21:15:45         0 d-------- E:\Program Files\Corbina Telecom
2008-01-22 04:30:17         0 d-------- E:\Program Files\AlfaDirect
2008-01-22 04:27:42         0 d-------- E:\WINDOWS\system32\Aktiv Co
2008-01-18 00:34:40         0 d-------- E:\Program Files\WinPcap
2008-01-18 00:34:23         0 d-------- E:\Program Files\Cain
2008-01-17 15:50:34         0 d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-01-17 15:50:24         0 d-------- E:\Program Files\Common Files\Adobe Systems Shared
2008-01-17 05:34:31         0 d-------- E:\Program Files\HTV
2008-01-17 04:51:02         0 d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\winsyscfg
2008-01-14 17:56:01         0 d-------- E:\Program Files\Common Files\Blizzard Entertainment
2008-01-14 01:53:48         0 d-------- E:\Documents and Settings\Spinal\Application Data\GlobalSCAPE
2008-01-14 01:48:46         0 d-------- E:\Program Files\GlobalSCAPE
2008-01-13 21:37:44         0 d-------- E:\skin
2008-01-13 21:37:43         0 d-------- E:\Documents and Settings\Spinal\Application Data\Mra


-- Find3M Report ---------------------------------------------------------------

2008-02-10 23:43:02    445412 --a------ E:\WINDOWS\system32\perfh019.dat
2008-02-10 23:43:02     75526 --a------ E:\WINDOWS\system32\perfc019.dat
2008-02-10 23:24:15         0 d--h----- E:\Program Files\InstallShield Installation Information
2008-02-01 16:47:29         0 d-------- E:\Program Files\Miranda IM K&S Pack 7.0
2008-01-17 19:44:29         0 d-------- E:\Program Files\Winamp
2008-01-17 15:57:20         0 d-------- E:\Documents and Settings\Spinal\Application Data\Adobe
2008-01-17 15:54:17         0 d-------- E:\Program Files\Common Files\Adobe
2008-01-17 15:50:24         0 d-------- E:\Program Files\Common Files
2008-01-14 04:45:40         0 d-------- E:\Documents and Settings\Spinal\Application Data\ReGet Software
2008-01-09 23:41:34         0 d-------- E:\Program Files\CureROM
2008-01-09 23:19:23         0 d-------- E:\Documents and Settings\Spinal\Application Data\Leadertech
2008-01-07 20:26:58         0 d-------- E:\Documents and Settings\Spinal\Application Data\Macromedia
2008-01-07 15:49:56         0 d-------- E:\Documents and Settings\Spinal\Application Data\Notepad++
2008-01-07 15:49:16         0 d-------- E:\Program Files\Notepad++
2008-01-07 15:39:46         0 d-------- E:\Program Files\DNA-drivers
2008-01-07 15:37:03         0 d-------- E:\Documents and Settings\Spinal\Application Data\atitray
2008-01-07 13:05:09         0 d-------- E:\Program Files\MSXML 6.0
2008-01-07 12:52:29         0 d-------- E:\Program Files\MSXML 4.0
2007-12-20 09:06:00         0 d-------- E:\Documents and Settings\Spinal\Application Data\ICQ
2007-12-20 09:05:58         0 d-------- E:\Program Files\ICQ6


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Outpost Firewall"="E:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [30.08.2006 09:46]
"OutpostFeedBack"="E:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [26.09.2006 18:36]
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12.01.2006 15:40]
"zBrowser Launcher"="E:\Program Files\Logitech\iTouch\iTouch.exe" [29.05.2002 00:59]
"Logitech Utility"="Logi_MwX.Exe" [11.12.2003 08:50 E:\WINDOWS\LOGI_MWX.EXE]
"WINDVDPatch"="CTHELPER.EXE" [07.02.2002 21:01 E:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="E:\WINDOWS\UpdReg.EXE" [11.05.2000 00:00]
"Jet Detection"="E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [04.10.2001 00:00]
"Device Detector"="DevDetect.exe" []
"RemoteControl"="E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [08.12.2003 17:35]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]
"Windows Updater"="winExplore.exe" []
"PCSuiteTrayApplication"="E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23.01.2007 11:19]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10.10.2007 19:51]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [22.10.2006 12:22]
"nwiz"="nwiz.exe" [22.10.2006 12:22 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [22.10.2006 12:22 E:\WINDOWS\system32\nvmctray.dll]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [22.08.2006 08:52]
"CursorXP"="E:\Program Files\CursorXP\CursorXP.exe" [19.01.2005 16:44]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [18.08.2004 16:00]
"RoboForm"="E:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [25.09.2007 18:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Updater"=winExplore.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

E:\Documents and Settings\Spinal\ \ணࠬ\⮧㧪\
Adobe Gamma.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16.03.2005 19:16:50]
㬥 Microsoft Word.lnk - E:\Documents and Settings\Spinal\稩 ⮫\㬥 Microsoft Word.rar [27.10.2007 16:55:40]
.lnk - E:\Documents and Settings\Spinal\ 㬥\.txt [15.10.2007 3:38:13]

E:\Documents and Settings\All Users.WINDOWS\ \ணࠬ\⮧㧪\
Microtek Scanner Finder.lnk - E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [25.06.2007 23:13:40]
Wireless Configuration Utility HW.61.lnk - E:\Program Files\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.61 V.1.10\WlanCU.exe [11.10.2005 16:01:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=E:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=E:\WINDOWS\Resources\Themes\Royale.theme
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)
"NoClose"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoClose"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\ctrun\start.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

62 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-13 16:01:20 ------------

