Deckard's System Scanner v20071014.68
Run by Ron on 2008-01-28 22:33:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
27: 2008-01-29 03:34:33 UTC - RP717 - Deckard's System Scanner Restore Point
26: 2008-01-29 03:08:30 UTC - RP716 - Installed Java(TM) 6 Update 4
25: 2008-01-29 02:39:16 UTC - RP715 - Installed Java(TM) SE Development Kit 6 Update 4
24: 2008-01-28 21:01:05 UTC - RP714 - System Checkpoint
23: 2008-01-27 20:48:39 UTC - RP713 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-01-27 00:23:31 UTC - RP691 - Removed Java(TM) SE Runtime Environment 6 Update 1

Backed up registry hives.
Performed disk cleanup.

[color=red]Percentage of Memory in Use: 76% (more than 75%).[/color]
[color=red]Total Physical Memory: 511 MiB (512 MiB recommended).[/color]

-- HijackThis (run as Ron.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:46 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Lotus\Notes\ntmulti.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe
C:\Program Files\Apoint\Apntex.exe
D:\Office12\GrooveMonitor.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YQLTUVNG\VundoFix[1].exe
C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\3Q6DWP21\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ron.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netmail.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.verizon.com/cgi-bin/getproxy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {76460D80-480D-40BF-AF0D-3A2D3B8DEF61} - C:\WINDOWS\system32\opnmnll.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Clusty - {5538fb62-f725-4433-a965-91314e8d8e4d} - C:\Program Files\Clusty Toolbar\toolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [HKSERV.EXE] "C:\Program Files\Sony\HotKey Utility\HKserv.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [VMConsole.exe] "C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" /windowmin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {11865A2A-649F-4FA1-8B99-B97DF8070B7C} (IWSystemchecks Control) - http://vcel.interwise.com/class/English/ActiveX/IWsystemchecks.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125271889001
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130605959054
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: opnmnll - C:\WINDOWS\SYSTEM32\opnmnll.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: NICSer_WPC300N - Unknown owner - C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 14350 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080128-215200-314 O2 - BHO: (no name) - {F9BE0F29-64B6-4CCD-9AB2-4167C877B3A2} - C:\WINDOWS\system32\wvwtq.dll (file missing)

-- File Associations -----------------------------------------------------------

[COLOR=red].txt - TXT_File - DefaultIcon - unable to read value[/COLOR]
[COLOR=red].txt - TXT_File - shell\open\command - notepad.exe %1[/COLOR]

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys
R2 IOPort - c:\windows\system32\drivers\ioport.sys
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys
R3 Eacfilt (Eacfilt Miniport) - c:\windows\system32\drivers\eacfilt.sys
R3 IPSECSHM (Nortel IPSECSHM Adapter) - c:\windows\system32\drivers\ipsecw2k.sys

S3 CBPSp50 (CBPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\cbpsp50.sys (file missing)
S3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys
S3 IPSECEXT (Nortel Extranet Access Protocol) - c:\windows\system32\drivers\ipsecw2k.sys
S3 Ser2pl (Prolific2 Serial port driver) - c:\windows\system32\drivers\ser2pl.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 Multi-user Cleanup Service - c:\lotus\notes\ntmulti.exe
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe

S2 NICSer_WPC300N - c:\program files\linksys\wireless-n network monitor\nicserv.exe (file missing)

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1A584C38004603
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1A584C38004603
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_818D104D&REV_83\4&22270378&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_818D104D&REV_83\4&22270378&0&40F0
Service: E100B

-- Scheduled Tasks -------------------------------------------------------------

2008-01-28 22:10:05 250 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

-- Files created between 2007-12-28 and 2008-01-28 -----------------------------

2008-01-28 22:17:13 0 d-------- C:\Program Files\Sun
2008-01-28 21:49:47 0 d-------- C:\Program Files\Java
2008-01-28 21:39:54 0 d-------- C:\Program Files\Common Files\Java
2008-01-28 21:30:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-28 21:30:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-28 21:24:25 0 d-------- C:\Program Files\Trend Micro
2008-01-27 21:59:00 0 d-------- C:\WINDOWS\LastGood
2008-01-27 21:54:12 208896 -----n--- C:\WINDOWS\alcupd.exe
2008-01-27 21:54:12 139264 -----n--- C:\WINDOWS\alcrmv.exe
2008-01-27 16:09:55 0 d------c- C:\VundoFix Backups
2008-01-27 13:16:11 0 d-------- C:\Documents and Settings\Marsha\Application Data\WinRAR
2008-01-27 02:34:14 0 d-------- C:\Program Files\Common Files\The Shield Firewall
2008-01-27 02:17:45 0 d-------- C:\Program Files\PCSecurityShield
2008-01-27 00:06:53 7981 --ahs---- C:\WINDOWS\system32\qtwvw.ini2
2008-01-26 23:04:54 0 d-------- C:\Program Files\Microsoft Silverlight
2008-01-26 22:46:08 0 d-------- C:\Program Files\BitDefender
2008-01-26 22:22:25 36352 --a------ C:\WINDOWS\system32\nnnljjk.dll
2008-01-26 21:55:30 262144 --a------ C:\Documents and Settings\Owner\NTUSER.DAT
2008-01-26 21:30:24 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-01-26 21:24:22 0 d-------- C:\Documents and Settings\Ron\Application Data\iolo
2008-01-26 21:24:22 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-01-26 19:16:05 36352 --a------ C:\WINDOWS\system32\opnmnll.dll
2008-01-23 21:23:04 528384 --a------ C:\WINDOWS\system32\VZWDownManager.exe
2008-01-23 21:23:02 49152 --a------ C:\WINDOWS\system32\VZWDLManager.dll
2008-01-23 19:16:07 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-23 19:15:29 0 d-------- C:\Program Files\Windows Live
2008-01-23 19:14:20 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-22 21:58:36 0 d-------- C:\Documents and Settings\Ron\Application Data\McAfee
2008-01-08 22:26:14 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-01-02 21:53:09 0 d-------- C:\Program Files\iPod
2008-01-02 21:47:59 0 d-------- C:\Program Files\QuickTime
2008-01-02 21:47:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-02 21:44:03 0 d-------- C:\Program Files\Common Files\Apple
2008-01-02 21:43:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple

-- Find3M Report ---------------------------------------------------------------

2008-01-28 21:39:54 0 d-------- C:\Program Files\Common Files
2008-01-28 20:10:58 0 d-------- C:\Program Files\Movie Maker
2008-01-27 21:54:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-27 21:16:49 0 d-------- C:\Documents and Settings\Ron\Application Data\DAEMON Tools
2008-01-27 03:18:40 0 d-------- C:\Documents and Settings\Ron\Application Data\Azureus
2008-01-26 22:10:07 0 d-------- C:\Program Files\Common Files\McAfee
2008-01-23 23:03:44 0 d-------- C:\Program Files\MoodLogic
2008-01-23 22:33:40 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-05 12:37:09 0 d-------- C:\Program Files\PeerGuardian2
2007-12-24 00:28:48 0 d-------- C:\Program Files\Microsoft Expression
2007-12-24 00:03:52 0 d-------- C:\Program Files\DAEMON Tools Lite
2007-12-23 18:02:36 0 d-------- C:\Program Files\Microsoft Works
2007-12-23 18:01:06 0 d-------- C:\Program Files\MSBuild
2007-12-23 17:56:18 0 d-------- C:\Program Files\Microsoft.NET
2007-12-23 17:46:06 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-11-30 18:12:48 0 d-------- C:\Program Files\Windows Live Toolbar

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76460D80-480D-40BF-AF0D-3A2D3B8DEF61}]
01/26/2008 07:16 PM 36352 --a------ C:\WINDOWS\system32\opnmnll.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [09/19/2003 08:42 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/07/2003 08:21 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/26/2004 09:00 PM]
"BluetoothAuthenticationAgent"="rundll32.exe" [08/04/2004 02:56 AM C:\WINDOWS\system32\rundll32.exe]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [12/12/2003 01:03 AM]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [02/13/2004 01:01 AM]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [02/20/2004 04:12 PM]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 01:29 PM]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [01/17/2004 05:36 AM]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 12:08 AM]
"HP OfficeJet T Series"="C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" []
"VMConsole.exe"="C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" [02/25/2004 08:08 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"GrooveMonitor"="D:\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"BitDefender Antiphishing Helper"="D:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [10/09/2007 03:46 PM]
"avast!"="d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [11/02/2006 01:43 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{76460D80-480D-40BF-AF0D-3A2D3B8DEF61}"= C:\WINDOWS\system32\opnmnll.dll [01/26/2008 07:16 PM 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmnll]
opnmnll.dll 01/26/2008 07:16 PM 36352 C:\WINDOWS\system32\opnmnll.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvwtq

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

-- End of Deckard's System Scanner: finished at 2008-01-28 22:53:46 ------------