Deckard's System Scanner v20071014.68
Run by EDW on 2007-10-24 18:24:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 3 Restore Point(s) --
3: 2007-10-24 23:25:03 UTC - RP289 - Deckard's System Scanner Restore Point
2: 2007-10-24 01:07:11 UTC - RP288 - System Checkpoint
1: 2007-10-21 04:49:54 UTC - RP287 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 83% (more than 75%).-- HijackThis (run as EDW.exe) -------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:27:57 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
c:\program files\common files\aol\1129821629\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\AOL\1129821629\ee\aolsoftware.exe
c:\program files\common files\aol\1129821629\ee\aolsoftware.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Documents and Settings\EDW\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\EDW.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://go.microsoft....k/?LinkId=74005R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129821629\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &Search -
http://edits.mywebse...?p=ZJxdm035MHUSO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Geocode in MapPoint - {38F898AC-AE46-40C4-9310-BEDCC98C32F4} - C:\Program Files\ACTMap\actmap.exe (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {F3CE921D-D6DC-4257-8E01-3A7D914AF924} - C:\Program Files\ACTMap\actmap.exe (file missing)
O9 - Extra 'Tools' menuitem: GeoCode in MapPoint - {F3CE921D-D6DC-4257-8E01-3A7D914AF924} - C:\Program Files\ACTMap\actmap.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone:
http://*.camperconnection.netO16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} -
http://www.symantec....trl/tgctlsi.cabO16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} -
http://www.symantec....trl/tgctlsr.cabO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.exe.imgfar...p1.0.0.15-3.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
http://www.symantec....rl/LSSupCtl.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1105802905089O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
http://javadl-esd.su...ows-i586-jc.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -
https://h17000.www1....loadManager.ocxO16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) -
http://www.nullsoft....ayx_vp3_mp3.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
https://www-secure.s...ta/SymAData.dllO16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} -
http://us2-scripts.d..._1073_em_XP.cabO16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
https://www-secure.s.../ActiveData.cabO16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
http://pdl.stream.ao.../ampx_en_dl.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{16C852E6-1DC2-4ABC-B64D-74E28FF8967A}: NameServer = 66.174.95.44 69.78.96.14
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R0 GBDevice - c:\windows\system32\drivers\gbdevice.sys <Not Verified; Symantec Corporation; Norton GoBack>
R0 GoBack2K - c:\windows\system32\drivers\goback2k.sys <Not Verified; Symantec Corporation; Norton GoBack>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
R3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\program files\verizon wireless\vzaccess manager\smndis5.sys <Not Verified; Smith Micro Software, Inc.; QuickLink Wi-Fi>
S2 GBFSHook - c:\windows\system32\drivers\gbfshook.sys <Not Verified; Symantec Corporation; Norton GoBack>
S3 AWINDIS5 (AWINDIS5 Protocol Driver) - c:\windows\system32\awindis5.sys <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 EraserUtilDrv10501 - c:\program files\common files\symantec shared\eengine\eraserutildrv10501.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 NETGEAR_WG511_SERVICE (NETGEAR WG511T Wireless Adapter Service) - c:\windows\system32\drivers\wg511nd5.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
S3 PRISM_ICB (NETGEAR WG511 Wireless LAN Driver) - c:\windows\system32\drivers\wg511icb.sys <Not Verified; LAN-Express; >
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Speed Disk service - c:\progra~1\norton~2\norton~3\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: NEC PCI to USB Open Host Controller
Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_444B5143&REV_43\5&220A2582&0&0120F0
Manufacturer: NEC
Name: NEC PCI to USB Open Host Controller
PNP Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_444B5143&REV_43\5&220A2582&0&0120F0
Service: usbohci
-- Scheduled Tasks -------------------------------------------------------------
2007-10-24 00:00:00 312 --a------ C:\WINDOWS\Tasks\Symantec Drmc.job
2007-10-19 20:00:00 552 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Michael.job
2007-08-13 12:00:00 296 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
2007-07-13 04:30:01 304 --a------ C:\WINDOWS\Tasks\WEEKLY.job
-- Files created between 2007-09-24 and 2007-10-24 -----------------------------
2007-10-17 20:37:48 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-17 12:26:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-10-17 12:24:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-10-17 12:24:15 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-10-17 12:24:15 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-10-17 12:24:15 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-10-17 12:24:15 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-10-17 12:24:15 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-10-17 12:24:15 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-10-17 12:24:15 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-10-17 12:24:15 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-10-17 12:24:15 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-10-17 12:24:15 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-10-17 12:24:15 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-10-17 12:24:15 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-10-17 12:24:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-10-17 12:24:15 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-10-17 12:24:14 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-10-17 11:51:47 0 d-------- C:\Documents and Settings\EDW\Application Data\Grisoft
2007-10-17 11:51:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-17 11:38:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-17 11:38:05 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-10-17 11:38:05 0 d-------- C:\Documents and Settings\EDW\Application Data\SUPERAntiSpyware.com
2007-10-17 11:37:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 11:10:36 0 d-------- C:\Documents and Settings\EDW\Application Data\MessengerSkinner
2007-10-08 11:10:28 0 d-------- C:\Program Files\MessengerSkinner
2007-10-08 11:07:27 0 d-------- C:\Program Files\Macrogaming
2007-10-07 19:20:27 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2007-10-07 19:20:22 0 d-------- C:\Program Files\MyWebSearch
2007-10-07 19:19:21 0 d-------- C:\Program Files\FunWebProducts
2007-10-07 17:49:03 0 d-------- C:\Documents and Settings\EDW\Application Data\AOL
-- Find3M Report ---------------------------------------------------------------
2007-10-24 18:27:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-24 18:09:15 0 d-------- C:\Program Files\Norton Internet Security
2007-10-20 16:34:49 0 d-------- C:\Program Files\Norton SystemWorks
2007-10-17 21:08:23 0 d-------- C:\Documents and Settings\EDW\Application Data\Symantec
2007-10-17 20:59:38 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2007-10-17 20:58:41 0 d-------- C:\Program Files\QUICKENW
2007-10-17 20:58:25 0 d-------- C:\Program Files\Common Files\Scanner
2007-10-17 20:58:07 0 d-------- C:\Program Files\Google
2007-10-17 20:57:49 0 d-------- C:\Program Files\Messenger
2007-10-17 11:37:25 0 d-------- C:\Program Files\Common Files
2007-10-06 21:28:44 0 d-------- C:\Program Files\Symantec
2007-09-01 20:48:47 0 d-------- C:\Documents and Settings\EDW\Application Data\Real
2007-07-29 20:30:27 135150 --a------ C:\WINDOWS\hpwins10.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 08:59 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 08:59 AM]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [07/17/2002 10:18 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/19/2003 11:06 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1129821629\ee\AOLSoftware.exe" [09/25/2006 07:52 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 10:19 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/10/2006 09:52 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [08/12/2007 11:02 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/15/2007 11:43 AM]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [08/12/2007 11:02 AM]
"messengerskinner"="C:\Program Files\MessengerSkinner\MessengerSkinner.exe" [05/30/2007 04:33 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]
"fbrmulxrz"="c:\documents and settings\edw\local settings\application data\fbrmulxrz.exe" [10/18/2007 06:32 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
C:\Documents and Settings\EDW\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 9:00:00 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - C:\Program Files\QUICKENW\BILLMIND.EXE [7/13/2007 12:11:46 PM]
DESKTOP.INI [9/3/2002 9:00:00 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [1/2/2007 9:40:10 PM]
Quicken Startup.lnk - C:\Program Files\QUICKENW\QWDLLS.EXE [7/13/2007 12:12:04 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
backup=C:\WINDOWS\pss\Norton GoBack.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AS00_Gear511]
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
carpserv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DadApp]
C:\Program Files\Dell\AccessDirect\dadapp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1129821629\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
"C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WG511WLU]
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
*Newly Created Service* - COMHOST
-- Hosts -----------------------------------------------------------------------
192.168.0.101 HP000D9D19D930
-- End of Deckard's System Scanner: finished at 2007-10-24 18:30:22 ------------