Deckard's System Scanner v20071014.68
Run by mm2.boom on 2008-03-03 21:26:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-03-03 19:26:33 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as mm2.boom.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:33, on 03.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ShadowIM\miranda32.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mm2.boom\Desktop\dss.exe
C:\DOCUME~1\MM2~1.BOO\Desktop\HIJACK~1\mm2.boom.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ru/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab Tool\setup_7.0.0.180_02.03.2008_11-17.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Download Master] C:\Program Files\Download Master\dmaster.exe -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ShadowIM.lnk = C:\Program Files\ShadowIM\miranda32.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Neverwinter Nights 2 Drivers Auto Removal (pr2ag72b) (pr2ag72b) - Akella - C:\WINDOWS\system32\pr2ag72b.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: setup_7.0.0.180_02.03.2008_11-17 - Kaspersky Lab - C:\Program Files\Kaspersky Lab Tool\setup_7.0.0.180_02.03.2008_11-17.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 5230 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>

S3 ATIAVAIW (ATI T200 Unified AVStream service) - c:\windows\system32\drivers\atinavt2.sys <Not Verified; ATI Technologies Inc.; ATI AVStream>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>
S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Memory Controller
Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_10101695&REV_A3\3&2411E6FE&0&00
Manufacturer: 
Name: PCI Memory Controller
PNP Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_10101695&REV_A3\3&2411E6FE&0&00
Service: 

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_10101695&REV_A2\3&2411E6FE&0&09
Manufacturer: 
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_10101695&REV_A2\3&2411E6FE&0&09
Service: 

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Argos Mini II USB
Device ID: USB\VID_0B0C&PID_0009\5&2AD6AF9D&0&1
Manufacturer: 
Name: Argos Mini II USB
PNP Device ID: USB\VID_0B0C&PID_0009\5&2AD6AF9D&0&1
Service: 

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_10DE&DEV_0059&SUBSYS_10101695&REV_A2\3&2411E6FE&0&20
Manufacturer: 
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_10DE&DEV_0059&SUBSYS_10101695&REV_A2\3&2411E6FE&0&20
Service: 

Class GUID: 
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0057&SUBSYS_10101695&REV_A3\3&2411E6FE&0&50
Manufacturer: 
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0057&SUBSYS_10101695&REV_A3\3&2411E6FE&0&50
Service: 

Class GUID: 
Description: 
Device ID: DISPLAY\NTATIVRV01\5&86ABB08&2&80000008&05&00
Manufacturer: 
Name: 
PNP Device ID: DISPLAY\NTATIVRV01\5&86ABB08&2&80000008&05&00
Service: 


-- Files created between 2008-02-03 and 2008-03-03 -----------------------------

2008-03-02 18:18:19    856096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-02 18:18:17         0 d-------- C:\Program Files\Kaspersky Lab Tool
2008-03-02 12:20:48         0 d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-03-02 12:18:38         0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-02 12:18:38         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-02 12:18:38         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-02 12:18:38         0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-03-02 12:18:38         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-02 12:18:38    786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-02 12:18:38         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-02 12:18:38         0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-03-02 12:18:38         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-02 12:18:38         0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-03-02 12:18:38         0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-02 12:18:38         0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-03-02 12:18:38         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-02 12:18:38         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-01 15:53:09      2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-03-01 15:53:08         0 d-------- C:\Downloads
2008-03-01 15:52:50         0 d-------- C:\Program Files\BitComet
2008-02-29 16:54:43         1 --a------ C:\WINDOWS\system32\SI.bin
2008-02-26 17:48:54         0 d-------- C:\Program Files\DAEMON Tools
2008-02-26 17:44:22         0 d-------- C:\Documents and Settings\mm2.boom\Application Data\DAEMON Tools
2008-02-26 17:40:11         0 d-------- C:\Program Files\OpenAL
2008-02-26 17:39:59    438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; EA.com/On2.com; EAOn2_VP6>
2008-02-26 17:39:59     23040 --a------ C:\WINDOWS\system32\vp6install.exe
2008-02-26 17:39:59       340 --a------ C:\WINDOWS\system32\vp6.reg
2008-02-26 17:39:54     44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-02-26 17:39:49     69632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-02-26 17:39:49     36864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-02-26 17:39:49    188416 --a------ C:\WINDOWS\system32\eax.dll <Not Verified; Creative Technology Ltd; EAX Unified>
2008-02-26 17:39:49   1496064 --a------ C:\WINDOWS\system32\Cc3250mt.dll <Not Verified; Inprise Corporation; Borland C++ Builder 5.0>
2008-02-26 17:39:49     25600 --a------ C:\WINDOWS\system32\Borlndmm.dll <Not Verified; Inprise Corporation; Borland Memory Manager>
2008-02-20 17:42:21         0 d-------- C:\Program Files\TGTSoft
2008-02-17 01:12:04         0 d-------- C:\ATI
2008-02-14 19:08:44    593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-02-14 19:08:23         0 d-------- C:\Program Files\ATI Technologies
2008-02-14 12:13:01         0 d--h----- C:\WINDOWS\system32\GroupPolicy


-- Find3M Report ---------------------------------------------------------------

2008-03-03 21:13:21         0 d-------- C:\Documents and Settings\mm2.boom\Application Data\uTorrent
2008-02-29 17:00:56         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-16 23:18:37      1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-14 19:00:02         0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-30 01:50:22         0 d-------- C:\Documents and Settings\mm2.boom\Application Data\Real
2008-01-22 19:35:30         0 d-------- C:\Program Files\eMule
2008-01-22 18:29:54    669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-01-21 17:24:55         0 d-------- C:\Program Files\Common Files\Olsena Shared
2008-01-21 17:24:54         0 d-------- C:\Program Files\Olsena
2008-01-21 17:24:54         0 d-------- C:\Program Files\Common Files
2008-01-19 17:14:40         0 d-------- C:\Documents and Settings\mm2.boom\Application Data\Winamp
2008-01-18 19:12:33         0 d-------- C:\Documents and Settings\mm2.boom\Application Data\Ableton
2008-01-18 19:11:22         0 d-------- C:\Program Files\Ableton
2008-01-17 22:42:03         0 d-------- C:\Program Files\LizardTech
2008-01-10 18:50:05         0 d-------- C:\Program Files\Nokia
2008-01-10 00:48:57         0 d-------- C:\Documents and Settings\mm2.boom\Application Data\Adobe
2008-01-10 00:34:31         0 d-------- C:\Program Files\Yahoo!
2008-01-09 19:42:01         0 d-------- C:\Documents and Settings\mm2.boom\Application Data\Nokia
2008-01-09 19:38:34         0 d-------- C:\Program Files\DIFX
2008-01-09 19:38:13         0 d-------- C:\Program Files\Common Files\PCSuite
2008-01-09 19:38:13         0 d-------- C:\Program Files\Common Files\Nokia
2008-01-09 19:37:51         0 d-------- C:\Documents and Settings\mm2.boom\Application Data\PC Suite
2007-12-07 18:28:42      7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-04 02:33:16    682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 11:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [14.03.2007 21:01]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [14.03.2007 21:01]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [15.06.2006 12:36]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"AVP"="C:\Program Files\Kaspersky Lab Tool\setup_7.0.0.180_02.03.2008_11-17.exe" [12.10.2007 15:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 03:07]
"Download Master"="C:\Program Files\Download Master\dmaster.exe" []
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [08.12.2006 04:28]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [24.05.2006 20:31]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [14.12.2007 15:18]

C:\Documents and Settings\mm2.boom\Start Menu\Programs\Startup\
ShadowIM.lnk - C:\Program Files\ShadowIM\miranda32.exe [12.11.2007 21:02:18]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [12.12.2007 0:34:48]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{181354d3-947c-11dc-b9a8-000244980a64}]
AutoRun\command- K:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cbc1782-93a7-11dc-b9a1-000244980a64}]
AutoRun\command- I:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0450f4f-93bf-11dc-b9a7-000244980a64}]
AutoRun\command- I:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0450f58-93bf-11dc-b9a7-000244980a64}]
AutoRun\command- I:\Setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Windows Sidebar]
C:\WINDOWS\system32\hidec /W C:\VAIO\Tools\REGTLIB.EXE "C:\Program Files\Windows Sidebar\sidebar.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
regsvr32 /s C:\VAIO\.\vshellext.dll



-- Hosts -----------------------------------------------------------------------

127.0.0.1 cohlive-1.quazal.net
127.0.0.1 cohlive.quazal.net


-- End of Deckard's System Scanner: finished at 2008-03-03 21:28:05 ------------