Deckard's System Scanner v20071014.68
Run by busya1 on 2008-07-26 21:31:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as busya1.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:35, on 26.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\DrWeb\spidernt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ABBYY Lingvo 11 Six Languages\Lvagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\DrWeb\spiderui.exe
C:\Program Files\DrWeb\drwebscd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Punto Switcher\ps.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe
C:\Documents and Settings\busya1\Desktop\dss.exe
C:\DOCUME~1\busya1\Desktop\busya1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 11 Six Languages\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [LingvoTraining] "C:\Program Files\ABBYY Lingvo 11 Six Languages\Tutor.exe" /ND /NW /AS
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\drwebscd.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Punto Switcher] C:\Program Files\Punto Switcher\ps.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &  Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with ABBYY &Lingvo - res://C:\Program Files\ABBYY Lingvo 11 Six Languages\Lingvo.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button:   - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199705772468
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6312 bytes

-- Files created between 2008-06-26 and 2008-07-26 -----------------------------

2008-07-26 20:19:13         0 dr-h----- C:\Documents and Settings\busya1\Recent
2008-07-26 15:10:28         0 d-------- C:\WINDOWS\CSC
2008-07-24 22:32:07         0 d-------- C:\Program Files\HD Tune Pro
2008-07-24 21:49:08         0 d-------- C:\Program Files\SpeedFan
2008-07-24 21:18:43         0 d-------- C:\WINDOWS\Prefetch
2008-07-24 21:15:02         0 d-------- C:\WINDOWS\system32\scripting
2008-07-24 21:15:01         0 d-------- C:\WINDOWS\system32\en
2008-07-24 21:15:01         0 d-------- C:\WINDOWS\system32\bits
2008-07-24 21:15:01         0 d-------- C:\WINDOWS\l2schemas
2008-07-24 21:13:27         0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-24 21:12:23         0 d-------- C:\WINDOWS\network diagnostic
2008-07-19 01:17:11         0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-19 01:12:41         0 d-------- C:\WINDOWS\system32\NtmsData
2008-07-08 00:40:29         0 d-------- C:\Program Files\Folding@Home
2008-07-06 03:20:25    229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-07-06 03:20:25   8912896 --a------ C:\Documents and Settings\busya1\ntuser.dat
2008-07-06 03:20:21      3972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-07-06 03:20:21      5632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys <Not Verified; EnTech Taiwan; EnTech.sys>
2008-07-06 03:20:20         0 d-------- C:\WINDOWS\system32\Futuremark
2008-07-06 03:20:20     21664 --a------ C:\WINDOWS\system32\drivers\Entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
2008-07-06 03:19:22         0 d-------- C:\Program Files\Futuremark
2008-07-05 17:27:06        56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-05 17:27:06         0 d-------- C:\Documents and Settings\busya1\Application Data\skypePM
2008-07-05 17:25:17         0 d-------- C:\Documents and Settings\busya1\Application Data\Skype
2008-07-05 17:25:02         0 d-------- C:\Program Files\Skype
2008-07-05 17:25:02         0 d-------- C:\Program Files\Common Files\Skype
2008-07-05 17:24:53         0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-30 22:13:58         0 d-------- C:\Documents and Settings\busya1\Application Data\Google
2008-06-29 19:59:44         0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-06-29 19:59:11         0 d-------- C:\Documents and Settings\busya1\Application Data\GRETECH
2008-06-29 19:58:50         0 d-------- C:\Program Files\GRETECH


-- Find3M Report ---------------------------------------------------------------

2008-07-26 21:00:01         0 d-------- C:\Program Files\DrWeb
2008-07-26 19:34:11         0 d-------- C:\Documents and Settings\busya1\Application Data\uTorrent
2008-07-26 00:45:34         0 d-------- C:\Documents and Settings\busya1\Application Data\WebMoney
2008-07-26 00:01:54         0 d-------- C:\Program Files\Steam
2008-07-24 22:09:42         0 d-------- C:\Program Files\HD Tune
2008-07-24 21:15:09         0 d-------- C:\Program Files\Messenger
2008-07-24 21:15:01         0 d-------- C:\Program Files\Movie Maker
2008-07-24 21:13:17         0 d-------- C:\Program Files\Windows NT
2008-07-21 21:20:07         0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-21 21:18:38         0 d-------- C:\Program Files\Java
2008-07-11 22:18:37         0 d-------- C:\Program Files\Google
2008-07-06 03:19:22         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-05 17:25:02         0 d-------- C:\Program Files\Common Files
2008-07-02 01:23:09       280 --a------ C:\WINDOWS\system32\PDBootState
2008-07-01 00:47:36         0 d-------- C:\Program Files\Warcraft III
2008-06-25 01:37:15     20038 --a------ C:\WINDOWS\War3Unin.dat
2008-06-25 01:36:38      2829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-25 01:36:38    126976 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-06-25 00:25:55         0 d-------- C:\Program Files\WarRun
2008-06-21 19:20:48         0 d-------- C:\Program Files\StarCraft - Brood War2
2008-06-21 19:18:39         0 d-------- C:\Program Files\StarCraft - Brood War
2008-06-18 01:34:50         0 d-------- C:\Documents and Settings\busya1\Application Data\Mozilla
2008-06-16 20:01:56         0 d-------- C:\Program Files\ICQ6
2008-06-16 20:01:51         0 d-------- C:\Documents and Settings\busya1\Application Data\ICQ
2008-06-14 18:22:01         0 d-------- C:\Program Files\SequoiaView
2008-06-14 18:03:13         0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-14 17:30:37         0 d-------- C:\Program Files\Raxco
2008-06-14 17:28:00         0 d-------- C:\Program Files\ 
2008-06-14 17:09:23         0 d-------- C:\Program Files\CCleaner
2008-06-05 00:25:37      2273 --a------ C:\WINDOWS\mozver.dat
2008-06-04 19:55:58         0 d-------- C:\Program Files\Com.Media


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [24.10.2007 19:50]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [24.10.2007 18:32]
"@"="" []
"Lingvo Launcher"="C:\Program Files\ABBYY Lingvo 11 Six Languages\Lvagent.exe" [01.09.2005 01:32]
"LingvoTraining"="C:\Program Files\ABBYY Lingvo 11 Six Languages\Tutor.exe" [01.09.2005 02:33]
"RTHDCPL"="RTHDCPL.EXE" [16.10.2007 19:30 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 19:43 C:\WINDOWS\Alcmtr.exe]
"SpIDerNT"="C:\PROGRA~1\DrWeb\spiderui.exe" [09.07.2008 13:06]
"DrWebScheduler"="C:\Program Files\DrWeb\drwebscd.exe" [06.05.2008 11:32]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [16.06.2004 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16.06.2004 06:03]
"nwiz"="nwiz.exe" [04.10.2007 18:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04.10.2007 18:14]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04.10.2007 18:14]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [03.10.2007 16:44]
"BluetoothAuthenticationAgent"="bthprops.cpl" [14.04.2008 05:42 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 05:42]
"Punto Switcher"="C:\Program Files\Punto Switcher\ps.exe" [14.11.2007 16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] 
C:\WINDOWS\System32\dimsntfy.dll 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\progra~1\agnitum\outpos~1\wl_hook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^busya1^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\busya1\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"c:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]
C:\Program Files\Gigabyte\ET5Pro\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
"C:\Program Files\ICQ6\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YandexDesktopSearch]
"C:\Program Files\Yandex\Desktop\yandesk.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	BthServ
eapsvcs	eaphost
dot3svc	dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-26 21:31:57 ------------

