I ran these before I updated Windows.
Deckard's System Scanner v20070708.52
Run by Owner on 2007-07-08 at 20:17:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
15: 2007-07-09 01:17:58 UTC - RP15 - Deckard's System Scanner Restore Point
14: 2007-07-09 01:09:11 UTC - RP14 - Deckard's System Scanner Restore Point
13: 2007-07-07 23:21:01 UTC - RP13 - Restore Operation
12: 2007-07-07 14:01:21 UTC - RP12 - 7607_2
11: 2007-07-07 13:50:06 UTC - RP11 - 7607
-- First Restore Point --
1: 2007-06-27 16:48:55 UTC - RP1 - System Checkpoint
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:18:02 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [2wSysTray] E:\Apps\2PortalMon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1182742621984
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------
backup-20070706-104108-301 O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
backup-20070706-104108-438 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
backup-20070706-104108-453 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
backup-20070706-104108-485 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
backup-20070706-104108-554 O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
backup-20070706-104108-613 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
backup-20070706-104108-619 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20070706-104108-662 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
backup-20070706-104108-673 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
backup-20070706-104108-752 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
backup-20070706-104108-756 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
backup-20070706-104108-848 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
backup-20070706-104108-914 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
backup-20070706-104108-951 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20070706-104109-277 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrai...can8/oscan8.cab
backup-20070706-104109-553 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...059/mcfscan.cab
backup-20070706-104109-602 O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
backup-20070706-104109-656 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
backup-20070706-104109-751 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
backup-20070706-104109-774 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
backup-20070706-104109-793 O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
backup-20070706-104109-823 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
backup-20070706-104109-951 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-153
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-151
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-152
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>
S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
R2 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
-- Files created between 2007-06-08 and 2007-07-08 -----------------------------
2007-07-08 19:58:53 0 d-------- C:\WINDOWS\LastGood
2007-07-08 19:36:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
2007-07-08 19:29:30 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2007-07-08 19:29:29 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-07-08 19:18:00 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-07-08 18:59:54 0 d-------- C:\WINDOWS\system32\NtmsData
2007-07-08 18:47:29 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Ahead
2007-07-07 00:55:49 5 --ahs---- C:\WINDOWS\system32\eeaaacc6_d.dll
2007-07-07 00:55:40 0 d-------- C:\Program Files\RegSupreme Pro
2007-07-07 00:13:55 23 --ahs---- C:\WINDOWS\system32\ebfcfeeafcb_r.dll
2007-07-07 00:13:50 0 d-------- C:\Program Files\jv16 PowerTools 2007
2007-07-06 14:47:15 0 d-------- C:\WINDOWS\system32\PreInstall
2007-07-04 19:18:25 0 d-------- C:\WINDOWS\pss
2007-07-04 19:18:06 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-04 19:11:21 0 d-------- C:\WINDOWS\AiOTemp
2007-07-04 13:16:50 0 d-------- C:\VundoFix Backups
2007-06-27 15:32:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-06-27 12:18:28 1310 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-27 12:07:16 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-06-25 14:54:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Jasc
2007-06-25 04:36:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-06-25 04:36:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-06-25 04:36:35 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-06-25 04:35:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-25 02:52:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-06-25 02:51:54 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-25 02:51:54 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-25 02:51:54 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-06-25 02:51:54 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-25 02:51:54 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-06-25 02:51:54 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-25 02:51:54 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-06-25 02:51:54 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-25 02:51:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-06-25 02:51:54 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-25 02:51:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-06-25 02:51:53 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-06-25 02:51:53 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-25 02:51:53 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-25 02:51:53 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-25 02:51:53 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-06-25 02:51:52 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-24 23:19:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-06-24 23:19:16 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-06-24 23:19:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-24 22:43:08 0 d-------- C:\Program Files\SpywareGuard
2007-06-24 22:37:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-24 22:26:27 0 d-------- C:\Program Files\SpywareBlaster
2007-06-24 17:10:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-06-24 07:05:41 0 d-------- C:\WINDOWS\BDOSCAN8
2007-06-20 04:05:11 0 d-------- C:\Program Files\PSP Thumbnail Handler
2007-06-18 10:12:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Motive
2007-06-18 10:01:56 0 d-------- C:\WINDOWS\Motive
2007-06-18 10:01:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-06-18 09:54:17 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:54:16 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:54:15 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:54:15 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-06-18 09:54:14 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2007-06-18 09:53:54 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-06-18 09:53:54 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-06-18 09:53:53 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:53 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:52 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:50 945424 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:50 154896 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:49 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:48 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:47 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:46 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:45 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:43 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-11 03:20:31 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
-- Find3M Report ---------------------------------------------------------------
2007-07-08 17:51:43 0 d-------- C:\Program Files\BladePro
2007-07-04 15:13:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-04 15:11:03 0 d-------- C:\Program Files\Yahoo!
2007-07-04 15:08:25 118784 --a------ C:\WINDOWS\system32\pdfmona.dll
2007-07-04 15:08:25 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2007-07-04 14:19:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-07-04 13:37:34 0 d-------- C:\Program Files\Rainlendar
2007-07-01 18:11:37 0 d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me
2007-06-25 09:09:28 0 d-------- C:\Program Files\Digital Media Reader
2007-06-22 04:19:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-06-21 19:09:38 0 d-------- C:\Program Files\Common Files\Caere
2007-06-21 10:24:15 0 d-------- C:\Program Files\TextBridge Pro 98
2007-06-09 07:28:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2007-05-15 16:36:07 24851 --a------ C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
2007-05-14 01:43:39 0 d-------- C:\Program Files\SBC Yahoo!
2007-05-12 04:48:46 0 d-------- C:\Program Files\Microsoft Works
2007-04-27 23:50:09 169984 --a------ C:\WINDOWS\system32\P2D.DLL <Not Verified; Microsoft Corporation; Microsoft® HTML Layout Support Module>
2007-04-27 23:50:09 57344 --a------ C:\WINDOWS\system32\COMMTB32.DLL <Not Verified; Microsoft Corporation; Microsoft Button Editor>
2007-04-27 23:50:09 161552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL <Not Verified; Microsoft Corporation; Microsoft® Forms>
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"2wSysTray"="E:\\Apps\\2PortalMon.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Uniblue RegistryBooster 2"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- End of Deckard's System Scanner: finished at 2007-07-08 at 20:18:32 ---------
Deckard's System Scanner v20070708.52
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 1014.73 MiB / 612.67 MiB
Pagefile Memory (total/avail): 2442.09 MiB / 2154.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1976.34 MiB
C: is Fixed (NTFS) - 70.94 GiB total, 45.29 GiB free.
D: is Fixed (FAT32) - 3.58 GiB total, 1.66 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
UpdatesDisableNotify is set.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EMACHINE1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\EMACHINE1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=EMACHINE1
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> C:\PROGRA~1\Yahoo!\Common\unybase.exe
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy Pro 2.3.1.6 --> "C:\Program Files\LG Software Innovations\1Click DVD Copy Pro\unins000.exe"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Painter IX --> MsiExec.exe /I{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD43 v3.7.0 --> "C:\Program Files\dvd43\unins000.exe"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
IsoBuster 1.9 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
jv16 PowerTools 2007 --> "C:\Program Files\jv16 PowerTools 2007\unins000.exe"
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Microsoft Calculator Plus --> MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Nero 7 Ultra Edition --> MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
OmniPage Pro 9.0 --> C:\Program Files\Caere\OmniPagePro90\Deinstall.exe "C:\Program Files\Caere\OmniPagePro90\uninstall.exe -f'C:\Program Files\Caere\OmniPagePro90\DeIsL1.isu'"
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PSP Thumbnail Handler --> C:\Program Files\PSP Thumbnail Handler\Setup.exe /uninstall
RegSupreme Pro 1.4 --> "C:\Program Files\RegSupreme Pro\unins000.exe"
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TextBridge Pro 98 --> "C:\Program files\TextBridge Pro 98\bin\setup.exe" -funinst.ins
The Print Shop® 6.0 --> C:\WINDOWS\UNINST.EXE -f"C:\THEPRI~1\THEPRI~1.0\DeIsL1.isu" -c"C:\THEPRI~1\THEPRI~1.0\psfinst.dll"
Tube Extractor 1.0 --> "C:\Program Files\TubeEx\unins000.exe"
-- End of Deckard's System Scanner: finished at 2007-07-08 at 20:18:32 ---------
After Updating Windows I ran DSS twice & only got the Main.Txt File -- here it is:
Deckard's System Scanner v20070708.52
Run by Owner on 2007-07-08 at 21:50:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:50:24 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [2wSysTray] E:\Apps\2PortalMon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1182742621984
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
-- Files created between 2007-06-08 and 2007-07-08 -----------------------------
2007-07-08 21:23:02 0 d-------- C:\Program Files\MSXML 4.0
2007-07-08 19:36:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
2007-07-08 19:29:30 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2007-07-08 19:29:29 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-07-08 19:18:00 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-07-08 18:59:54 0 d-------- C:\WINDOWS\system32\NtmsData
2007-07-08 18:47:29 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Ahead
2007-07-07 00:55:49 5 --ahs---- C:\WINDOWS\system32\eeaaacc6_d.dll
2007-07-07 00:55:40 0 d-------- C:\Program Files\RegSupreme Pro
2007-07-07 00:13:55 23 --ahs---- C:\WINDOWS\system32\ebfcfeeafcb_r.dll
2007-07-07 00:13:50 0 d-------- C:\Program Files\jv16 PowerTools 2007
2007-07-06 14:47:15 0 d-------- C:\WINDOWS\system32\PreInstall
2007-07-04 19:18:25 0 d-------- C:\WINDOWS\pss
2007-07-04 19:18:06 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-04 19:11:21 0 d-------- C:\WINDOWS\AiOTemp
2007-07-04 13:16:50 0 d-------- C:\VundoFix Backups
2007-06-27 15:32:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-06-27 12:18:28 1310 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-27 12:07:16 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-06-25 14:54:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Jasc
2007-06-25 04:36:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-06-25 04:36:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-06-25 04:36:35 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-06-25 04:35:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-25 02:52:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-06-25 02:51:54 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-25 02:51:54 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-25 02:51:54 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-06-25 02:51:54 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-25 02:51:54 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-06-25 02:51:54 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-25 02:51:54 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-06-25 02:51:54 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-25 02:51:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-06-25 02:51:54 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-25 02:51:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-06-25 02:51:53 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-06-25 02:51:53 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-25 02:51:53 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-25 02:51:53 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-25 02:51:53 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-06-25 02:51:52 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-24 23:19:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-06-24 23:19:16 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-06-24 23:19:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-24 22:43:08 0 d-------- C:\Program Files\SpywareGuard
2007-06-24 22:37:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-24 22:26:27 0 d-------- C:\Program Files\SpywareBlaster
2007-06-24 17:10:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-06-24 07:05:41 0 d-------- C:\WINDOWS\BDOSCAN8
2007-06-20 04:05:11 0 d-------- C:\Program Files\PSP Thumbnail Handler
2007-06-18 10:12:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Motive
2007-06-18 10:01:56 0 d-------- C:\WINDOWS\Motive
2007-06-18 10:01:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-06-18 09:54:17 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:54:16 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:54:15 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:54:15 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-06-18 09:54:14 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2007-06-18 09:53:54 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-06-18 09:53:54 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-06-18 09:53:53 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:53 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:52 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:50 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:50 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:49 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:48 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:47 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:46 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:45 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:43 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-11 03:20:31 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
-- Find3M Report ---------------------------------------------------------------
2007-07-08 21:13:48 0 d-------- C:\Program Files\Messenger
2007-07-08 17:51:43 0 d-------- C:\Program Files\BladePro
2007-07-04 15:13:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-04 15:11:03 0 d-------- C:\Program Files\Yahoo!
2007-07-04 15:08:25 118784 --a------ C:\WINDOWS\system32\pdfmona.dll
2007-07-04 15:08:25 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2007-07-04 14:19:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-07-04 13:37:34 0 d-------- C:\Program Files\Rainlendar
2007-07-01 18:11:37 0 d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me
2007-06-25 09:09:28 0 d-------- C:\Program Files\Digital Media Reader
2007-06-22 04:19:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-06-21 19:09:38 0 d-------- C:\Program Files\Common Files\Caere
2007-06-21 10:24:15 0 d-------- C:\Program Files\TextBridge Pro 98
2007-06-09 07:28:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2007-05-15 16:36:07 24851 --a------ C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
2007-05-14 01:43:39 0 d-------- C:\Program Files\SBC Yahoo!
2007-05-12 04:48:46 0 d-------- C:\Program Files\Microsoft Works
2007-04-27 23:50:09 169984 --a------ C:\WINDOWS\system32\P2D.DLL <Not Verified; Microsoft Corporation; Microsoft® HTML Layout Support Module>
2007-04-27 23:50:09 57344 --a------ C:\WINDOWS\system32\COMMTB32.DLL <Not Verified; Microsoft Corporation; Microsoft Button Editor>
2007-04-27 23:50:09 161552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL <Not Verified; Microsoft Corporation; Microsoft® Forms>
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"2wSysTray"="E:\\Apps\\2PortalMon.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Uniblue RegistryBooster 2"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- End of Deckard's System Scanner: finished at 2007-07-08 at 21:50:53 ---------
My computer is now running super slow. Windows Updates said it would take 7 min. It took 40 min.
Thanks for your help,
Lmommy