Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1023.22 MiB / 517.39 MiB
Pagefile Memory (total/avail): 2459.86 MiB / 2069.24 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.34 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 42.88 GiB total, 16.76 GiB free.
D: is Fixed (NTFS) - 190 GiB total, 176.73 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 74.53 GiB total, 31.99 GiB free.

\\.\PHYSICALDRIVE0 - ST3250620AS - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 42.88 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 190 GiB - D:

\\.\PHYSICALDRIVE1 - Maxtor OneTouch III USB Device - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - F:

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.362.000 (Check Point, LTD.)
AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
'%windir%\\system32\\sessmgr.exe'='%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019'
'%windir%\\Network Diagnostic\\xpnetdiag.exe'='%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000'
'C:\\Program Files\\MSN Messenger\\msnmsgr.exe'='C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1'
'C:\\Program Files\\MSN Messenger\\livecall.exe'='C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)'

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
'%windir%\\system32\\sessmgr.exe'='%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019'
'C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe'='C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner'
'C:\\Program Files\\Grisoft\\AVG7\\avginet.exe'='C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe'
'C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe'='C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe'
'C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe'='C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe'
'C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe'='C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe'
'%windir%\\Network Diagnostic\\xpnetdiag.exe'='%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000'
'C:\\Program Files\\utorrent161.exe'='C:\\Program Files\\utorrent161.exe:*:Enabled:µTorrent'
'C:\\Program Files\\LimeWire\\LimeWire.exe'='C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire'
'C:\\Program Files\\MSN Messenger\\msnmsgr.exe'='C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1'
'C:\\Program Files\\MSN Messenger\\livecall.exe'='C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)'
'C:\\Program Files\\iTunes\\iTunes.exe'='C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes'

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BOX
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\BOX
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=BOX
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

User [I](admin)[/I]
Administrator [I](new local, admin)[/I]

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Installshield Installation Information\{08082020-2a50-4196-8196-a6f86d6e8f12}\QBReplace.exe {08082020-2a50-4196-8196-a6f86d6e8f12}#{01288593-26bb-4b3a-a04e-0a4ed28cc937}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup 'C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE' -l0x9
ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup 'C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe' -l0x9 -removeonly
ASUS nVIDIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1033
Attansic Giga Ethernet Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup 'C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe' -l0x9
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Browser Optimizer Dcads --> C:\WINDOWS\system32\dcads-remove.exe
Browser Optimizer Superiorads --> C:\WINDOWS\system32\superiorads-uninst.exe
Canon MP Navigator 3.0 --> 'C:\Program Files\Canon\MP Navigator 3.0\Maint.exe' /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP180 --> 'C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180\DelDrv.exe' /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180 /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Dcads Games Collection --> C:\Program Files\Dcads Games Collection\uninstall.exe
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
DVD Decrypter (Remove Only) --> 'C:\Program Files\DVD Decrypter\uninstall.exe'
DVD Shrink 3.2 --> 'C:\Program Files\DVD Shrink\unins000.exe'
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f'C:\Program Files\Canon\Easy-WebPrint\Uninst.isu'
eMule --> 'C:\Program Files\eMule\Uninstall.exe'
Google Toolbar for Internet Explorer --> regsvr32 /u /s 'c:\program files\google\googletoolbar2.dll'
High Definition Audio Driver Package - KB888111 --> 'C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe'
Hijackthis 1.99.1 --> 'C:\Program Files\Hijackthis\unins000.exe'
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 3.1.5 Full --> 'C:\Program Files\K-Lite Codec Pack\unins000.exe'
LimeWire PRO 4.12.3 --> 'C:\Program Files\LimeWire\uninstall.exe'
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002 --> MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MySidesearch Search Assistant --> C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
QuickBooks EasyStart: First Business 2007/08 --> C:\Program Files\Installshield Installation Information\{2b02f820-a9b9-458c-80e5-3ea8c0de8471}\QBReplace.exe {2b02f820-a9b9-458c-80e5-3ea8c0de8471}#{9058A930-BC63-4FA9-A35B-D74BE4054F40}
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup 'C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe' -l0x9 -removeonly
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Search Assistant Dcads --> C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
Socialnetworking Helper Dcads --> C:\WINDOWS\system32\DcadsSocial-uninstall.exe
Spybot - Search & Destroy --> 'C:\Program Files\Spybot - Search & Destroy\unins001.exe'
Spybot - Search & Destroy 1.5.2.20 --> 'C:\WINDOWS\unins000.exe'
Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type5603 / Success
Event Submitted/Written: 02/27/2008 02:49:03 PM
Event ID/Source: 12001 / usnjsvc
Event Description: The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type5582 / Error
Event Submitted/Written: 02/26/2008 05:13:11 PM
Event ID/Source: 1002 / Application Hang
Event Description: Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5581 / Error
Event Submitted/Written: 02/26/2008 05:12:36 PM
Event ID/Source: 1002 / Application Hang
Event Description: Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5580 / Error
Event Submitted/Written: 02/26/2008 04:12:56 PM
Event ID/Source: 1000 / Application Error
Event Description: Faulting application launch~1.exe, version 6.81.61.4, faulting module rpcrt4.dll, version 5.1.2600.3173, fault address 0x0000b3d4. Processing media-specific event for [launch~1.exe!ws!]

Event Record #/Type5558 / Success
Event Submitted/Written: 02/26/2008 11:56:18 AM
Event ID/Source: 12001 / usnjsvc
Event Description: The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type13487 / Warning
Event Submitted/Written: 02/27/2008 02:17:21 PM
Event ID/Source: 4226 / Tcpip
Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type13484 / Warning
Event Submitted/Written: 02/27/2008 02:03:36 PM
Event ID/Source: 4226 / Tcpip
Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type13461 / Warning
Event Submitted/Written: 02/27/2008 01:40:12 PM
Event ID/Source: 4226 / Tcpip
Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type13460 / Warning
Event Submitted/Written: 02/27/2008 01:26:28 PM
Event ID/Source: 4226 / Tcpip
Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type13435 / Warning
Event Submitted/Written: 02/27/2008 00:14:13 PM
Event ID/Source: 4226 / Tcpip
Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

-- End of Deckard's System Scanner: finished at 2008-02-27 15:06:03 ------------

main.txt :

Deckard's System Scanner v20071014.68
Run by User on 2008-02-27 15:03:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
137: 2008-02-27 04:03:17 UTC - RP182 - Deckard's System Scanner Restore Point
136: 2008-02-27 02:41:59 UTC - RP181 - System Checkpoint
135: 2008-02-26 01:45:11 UTC - RP180 - System Checkpoint
134: 2008-02-24 10:44:20 UTC - RP179 - Software Distribution Service 3.0
133: 2008-02-24 10:05:45 UTC - RP178 - System Checkpoint

-- First Restore Point --
1: 2007-12-06 01:11:09 UTC - RP46 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as User.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-27 15:05:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\User\Desktop\dss.exe
C:\Program Files\Hijackthis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=42467
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsf4F.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] 'C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe'
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime
O4 - HKLM\..\Run: [iTunesHelper] 'C:\Program Files\iTunes\iTunesHelper.exe'
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_01) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- End of file - 9406 bytes

-- File Associations -----------------------------------------------------------

All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys
R2 EIO - c:\windows\system32\drivers\eio.sys
S3 autorun - c:\huadio.tmp (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - 'c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe'
R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe
R3 ServiceLayer - 'c:\program files\common files\pcsuite\services\servicelayer.exe'

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-02-22 22:04:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-01-27 and 2008-02-27 -----------------------------

2008-02-22 21:31:43 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-22 21:31:43 2537 --a------ C:\WINDOWS\unins000.dat
2008-02-18 19:12:57 0 d-------- C:\Program Files\AMT
2008-02-09 04:53:02 233472 --a------ C:\WINDOWS\system32\nsf4F.dll
2008-02-09 01:52:36 335872 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll
2008-01-28 18:55:09 0 d-------- C:\Program Files\Windows Journal Viewer

-- Find3M Report ---------------------------------------------------------------

2008-02-27 14:43:45 0 d-------- C:\Documents and Settings\User\Application Data\uTorrent
2008-02-27 11:32:01 209 --a------ C:\Documents and Settings\User\Application Data\urlredir.cfg
2008-02-24 18:49:29 0 d-------- C:\Documents and Settings\User\Application Data\AVG7
2008-02-23 18:37:38 0 d-------- C:\Documents and Settings\User\Application Data\LimeWire
2008-02-17 16:45:56 0 d-------- C:\Documents and Settings\User\Application Data\AdobeUM
2008-02-11 08:14:03 80112 --a------ C:\WINDOWS\system32\dcads-remove.exe
2008-02-09 19:22:03 84729 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-02-06 20:18:29 0 d-------- C:\Program Files\LimeWire
2008-01-25 15:01:01 46300 --a------ C:\WINDOWS\system32\DcadsSocial-uninstall.exe
2008-01-18 21:06:18 294912 --a------ C:\WINDOWS\system32\iebrowserc.dll
2008-01-02 16:03:21 77360 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2008-01-02 11:40:37 40731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2008-01-02 11:40:18 0 d-------- C:\Program Files\Dcads Games Collection
2007-12-28 15:16:56 0 d-------- C:\Program Files\iTunes
2007-12-28 15:16:48 0 d-------- C:\Program Files\iPod
2007-12-28 15:14:53 0 d-------- C:\Program Files\QuickTime
2007-12-28 15:13:14 0 d-------- C:\Program Files\Apple Software Update
2007-12-25 00:07:08 319488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-24 13:03:42 1714327 --a------ C:\Documents and Settings\User\Application Data\NMM-MetaData.db

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
09/02/2008 01:52 AM 335872 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]
18/01/2008 09:06 PM 294912 --a------ C:\WINDOWS\system32\iebrowserc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85}]
09/02/2008 04:53 AM 233472 --a------ C:\WINDOWS\system32\nsf4F.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
'NvCplDaemon'='C:\WINDOWS\system32\NvCpl.dll' [14/12/2005 05:51 PM]
'ZoneAlarm Client'='C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe' [21/06/2007 10:54 PM]
'AVG7_CC'='C:\PROGRA~1\Grisoft\AVG7\avgcc.exe' [21/12/2007 04:49 PM]
'amd_dc_opt'='C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe' [17/11/2006 05:49 PM]
'PCSuiteTrayApplication'='C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe' [15/06/2006 12:36 PM]
'QuickTime Task'='C:\Program Files\QuickTime\qttask.exe' [11/12/2007 10:56 AM]
'iTunesHelper'='C:\Program Files\iTunes\iTunesHelper.exe' [11/12/2007 12:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [04/08/2004 11:00 PM]
'swg'='C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe' [26/08/2007 07:41 PM]
'PcSync'='C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe' [27/06/2006 04:21 PM]
'SpybotSD TeaTimer'='C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe' [28/01/2008 11:43 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
'DisableRegistryTools'=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice'

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice'

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
'C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe'

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
'C:\Program Files\QuickTime\qttask.exe' -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
'C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe' -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
'C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe'

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7966 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-02-27 15:06:03 ------------