Deckard's System Scanner v20071014.68
Run by cristi_b on 2008-02-24 17:44:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
14: 2008-02-24 15:44:16 UTC - RP445 - Deckard's System Scanner Restore Point
13: 2008-02-23 21:08:11 UTC - RP444 - Software Distribution Service 3.0
12: 2008-02-23 08:46:43 UTC - RP443 - Software Distribution Service 3.0
11: 2008-02-22 20:27:52 UTC - RP442 - Software Distribution Service 3.0
10: 2008-02-22 18:30:12 UTC - RP441 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-02-21 16:35:33 UTC - RP432 - RegCure Backup

Backed up registry hives.
Performed disk cleanup.

[color=red]System Drive C: has 1.13 GiB (less than 15%) free.[/color]

-- HijackThis (run as cristi_b.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:53 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\cristi_b\Desktop\dss.exe
C:\DOCUME~1\cristi_b\Desktop\cristi_b.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Amen Win] C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\locks load.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Cercetare - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181893040171
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{79535192-E34E-48A5-8436-A0483240A644}: NameServer = 81.196.170.20 194.102.233.1
O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

-- End of file - 7352 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71[/COLOR]
[COLOR=red].inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69[/COLOR]
[COLOR=red].ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69[/COLOR]
[COLOR=red].txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70[/COLOR]

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S1 SAVRTPEL - c:\program files\norton internet security\norton antivirus\savrtpel.sys (file missing)
S1 SPBBCDrv - c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys (file missing)
S2 BDRSDRV - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 BDFSDRV - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 lmimirr - c:\windows\system32\drivers\lmimirr.sys (file missing)
S3 NAVENG - c:\progra~1\common~1\symant~1\virusd~1\20070627.016\naveng.sys (file missing)
S3 NAVEX15 - c:\progra~1\common~1\symant~1\virusd~1\20070627.016\navex15.sys (file missing)
S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
S3 Revolution1 - c:\documents and settings\cristi_b\desktop\workin uce\shak3.sys (file missing)
S3 SAVRT - c:\program files\norton internet security\norton antivirus\savrt.sys (file missing)
S3 scrcap - c:\windows\system32\drivers\scrcap.sys (file missing)
S3 SymEvent - c:\program files\symantec\symevent.sys (file missing)
S3 XDva019 - c:\windows\system32\xdva019.sys (file missing)
S3 xp1 - h:\documente\other\gunz hax\gunz hax\xpengine\xp.sys
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
S3 zenos1 - h:\documente\zeons\zenosengine2.5\zenos.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 ISSVC -

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_41611106&REV_50\3&61AAA01&0&8D
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_41611106&REV_50\3&61AAA01&0&8D
Service:

-- Scheduled Tasks -------------------------------------------------------------

2008-02-24 17:37:41 428 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-02-24 16:00:00 276 --ah----- C:\WINDOWS\Tasks\AA6C76A1918BF0F1.job
2008-02-24 15:50:01 260 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-02-22 19:04:30 362 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-02-22 17:15:01 358 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job

-- Files created between 2008-01-24 and 2008-02-24 -----------------------------

2008-02-24 10:50:06 0 dr-h----- C:\Documents and Settings\cristi_b\Recent
2008-02-23 21:24:26 0 d-------- C:\Program Files\Common Files\Stardock
2008-02-23 11:06:20 0 d-------- C:\Program Files\Restorer2000 Pro
2008-02-23 11:03:59 263231 --a------ C:\Documents and Settings\cristi_b\scan.dat
2008-02-22 19:09:40 0 d-------- C:\WINDOWS\system32\QVJGTGljZW5zZUluZm8=
2008-02-22 19:01:41 0 d-------- C:\Documents and Settings\cristi_b\Application Data\errclean
2008-02-22 18:59:11 0 d-------- C:\Program Files\uTorrent
2008-02-22 18:59:08 0 d-------- C:\Documents and Settings\cristi_b\Application Data\uTorrent
2008-02-22 18:56:47 0 dr------- C:\Documents and Settings\All Users\Application Data\errclean
2008-02-22 18:56:19 0 d-------- C:\Program Files\Common Files\ErrClean
2008-02-22 18:56:17 0 d-------- C:\Program Files\ErrClean
2008-02-22 15:32:07 0 d-------- C:\Program Files\CCleaner
2008-02-21 21:30:04 0 d-------- C:\Program Files\Enigma Software Group
2008-02-21 19:34:01 0 d-------- C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP
2008-02-21 19:33:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 19:27:24 0 d-------- C:\Program Files\PC Optimizer Pro
2008-02-21 19:08:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-21 19:08:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-02-21 19:08:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-02-21 19:08:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-02-21 17:24:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-21 16:07:17 3066 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-21 16:06:10 85504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-21 16:06:09 82432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-21 16:06:08 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-21 16:06:07 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-21 16:06:07 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-21 16:06:06 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-21 16:06:06 53248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-20 21:56:04 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-02-20 21:53:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 21:11:43 0 d-------- C:\Program Files\Spyware Doctor
2008-02-17 16:53:25 0 d-------- C:\Documents and Settings\cristi_b\Application Data\AltrixSoft
2008-02-16 10:52:05 0 d-------- C:\Documents and Settings\cristi_b\Application Data\gtk-2.0
2008-02-16 10:50:20 0 d-------- C:\Documents and Settings\cristi_b\deluge
2008-02-16 09:00:00 0 d-------- C:\Documents and Settings\cristi_b\Application Data\.BitTornado
2008-02-10 15:28:35 0 d-------- C:\Program Files\VisualTooltip
2008-02-10 15:28:35 0 d-------- C:\Program Files\Vista Sidebar
2008-02-10 15:28:18 0 d-------- C:\WINDOWS\system32\VIRepair
2008-02-10 15:01:33 0 d-------- C:\Program Files\Stardock
2008-02-10 14:48:04 0 d-------- C:\WINDOWS\system32\VITrans
2008-02-10 10:47:04 8912896 --a------ C:\Documents and Settings\cristi_b\ntuser.dat
2008-02-09 11:22:31 0 d-------- C:\Program Files\Webteh
2008-02-08 10:50:32 0 d-------- C:\Documents and Settings\cristi_b\Application Data\BSplayer PRO
2008-02-06 13:06:01 89184 -----n--- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-06 13:05:44 38912 --a------ C:\WINDOWS\system32\picn20.dll
2008-02-06 13:05:42 544768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-02-06 13:05:42 569344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-02-06 13:05:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-02-06 13:05:40 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-06 13:01:20 0 d-------- C:\WINDOWS\RegisteredPackages
2008-02-05 10:08:52 0 d-------- C:\Documents and Settings\cristi_b\Application Data\Media Player Classic
2008-02-05 10:07:12 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-02-05 10:07:01 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-05 10:07:00 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-05 10:06:57 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-05 10:06:57 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-02-05 10:06:46 682496 --a------ C:\WINDOWS\system32\divx.dll
2008-02-05 10:06:43 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-05 10:06:38 0 d-------- C:\Documents and Settings\cristi_b\Application Data\Real
2008-02-05 10:06:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2008-01-31 15:11:31 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-01-26 20:21:04 0 d-------- C:\WINDOWS\Replay Media Catcher
2008-01-26 20:20:53 0 d-------- C:\Program Files\Replay Media Catcher
2008-01-26 20:19:44 0 d-------- C:\WINDOWS\Applian FLV Player
2008-01-26 13:45:21 0 d-------- C:\ijji
2008-01-25 18:01:48 0 d-------- C:\Documents and Settings\cristi_b\Application Data\IDM
2008-01-24 19:36:30 679936 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-01-24 19:36:30 0 d-------- C:\Program Files\NHN USA
2008-01-24 12:53:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

-- Find3M Report ---------------------------------------------------------------

2087-04-23 08:15:02 4358144 --a------ C:\WINDOWS\uncsetup.exe
2008-02-23 21:24:26 0 d-------- C:\Program Files\Common Files
2008-02-22 20:29:45 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-02-20 20:24:54 0 d-------- C:\Documents and Settings\cristi_b\Application Data\FourStartDefault
2008-02-15 14:20:08 6512171 --a------ C:\WINDOWS\system32\##rofl##
2008-02-14 22:21:49 0 d-------- C:\Documents and Settings\cristi_b\Application Data\Adobe
2008-02-07 10:01:16 709116 --a------ C:\WINDOWS\system32\iexplorer
2008-02-05 12:08:59 0 d-------- C:\Documents and Settings\cristi_b\Application Data\LimeWire
2008-02-02 13:36:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-31 14:17:09 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-29 19:05:17 0 d-------- C:\Program Files\DivX
2008-01-29 15:33:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-26 14:46:14 0 d--h----- C:\Documents and Settings\cristi_b\Application Data\ijjigame
2008-01-25 18:04:15 0 d-------- C:\Documents and Settings\cristi_b\Application Data\DMCache
2008-01-23 18:22:56 0 d-------- C:\Program Files\Circle Developement
2008-01-23 18:22:50 0 d-------- C:\Program Files\Messenger Plus! Live
2008-01-23 18:22:49 0 d-------- C:\Program Files\MSN Messenger
2008-01-12 09:46:48 0 d-------- C:\Documents and Settings\cristi_b\Application Data\Hamachi
2008-01-05 15:08:05 0 d-------- C:\Documents and Settings\cristi_b\Application Data\Yahoo!
2008-01-02 23:13:06 0 d-------- C:\Program Files\Windows Live Safety Center
2008-01-02 19:51:03 0 d-------- C:\Documents and Settings\cristi_b\Application Data\NeroVision
2007-12-30 18:46:06 0 d-------- C:\Documents and Settings\cristi_b\Application Data\Help
2007-12-29 17:11:17 0 d-------- C:\Documents and Settings\cristi_b\Application Data\Opera
2007-12-29 16:24:12 0 dr-h----- C:\Documents and Settings\cristi_b\Application Data\SecuROM
2007-12-28 22:46:10 0 d-------- C:\Program Files\IVT Corporation
2007-12-28 22:38:42 32 --a------ C:\WINDOWS\0
2007-12-28 20:55:51 0 --a------ C:\WINDOWS\system32\0
2007-12-28 12:30:09 0 d-------- C:\Program Files\Common Files\logishrd
2007-12-24 17:34:53 0 d-------- C:\Program Files\Electronic Arts

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [10/22/2006 11:22 AM]
"nwiz"="nwiz.exe" [10/22/2006 11:22 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [10/22/2006 11:22 AM]
"C-Media Mixer"="Mixer.exe" [10/15/2002 05:00 PM C:\WINDOWS\mixer.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [08/23/2007 08:30 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 04:59 PM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/13/2003 02:49 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 09:56 AM]
"Amen Win"="C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\locks load.exe" [02/14/2008 10:01 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
H:\Documente\ThemeManager\fastload.dll 12/20/2001 11:34 PM 24576 H:\Documente\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpsa32]
winpsa32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cristi_b^Start Menu^Programs^Startup^hamachi.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"ose"=3 (0x3)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISSVC"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"cookw"="C:\PROGRA~1\COMMON~1\ErrClean\cookw.exe" -start

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{234ff90c-c84f-11dc-8864-00116799779a}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc6490f5-7270-11dc-8793-00e04cb8139e}]
- autorun.pif

-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

7905 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-02-24 17:46:28 ------------