Deckard's System Scanner v20071014.68
Run by SEverett on 2008-03-23 23:23:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
39: 2008-03-23 23:23:57 UTC - RP627 - Deckard's System Scanner Restore Point
38: 2008-03-23 23:07:21 UTC - RP626 - 23march
37: 2008-03-23 12:36:54 UTC - RP625 - Restore Operation
36: 2008-03-23 11:57:08 UTC - RP624 - Installed DirectX
35: 2008-03-23 11:44:31 UTC - RP623 - Restore Operation

-- First Restore Point --
1: 2008-02-17 12:51:49 UTC - RP589 - Installed Tom Clancy's Rainbow Six Vegas

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as SEverett.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27:33, on 23/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Aqua Dock\Aqua Dock.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SEverett\My Documents\My Received Files\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SEverett.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1391FD63-1B87-4E25-8759-BA05AAE5DA2F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Aqua Dock] C:\Program Files\Aqua Dock\Aqua Dock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDC6B-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0481151D-9022-4B2F-8B18-231FDC3ACF4F}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{0481151D-9022-4B2F-8B18-231FDC3ACF4F}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CS2\Services\Tcpip\..\{0481151D-9022-4B2F-8B18-231FDC3ACF4F}: NameServer = 195.92.195.94 195.92.195.95
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - F:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11991 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - JSFile - DefaultIcon - unable to read value
.js - JSFile - shell\open\command - unable to read value
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-152
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BsStor (InCD Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys
R0 sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - c:\windows\system32\drivers\sfsync04.sys
R1 NCPro - c:\windows\system32\drivers\mtictwl.sys
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys
R3 SaiMini - c:\windows\system32\drivers\saimini.sys
R3 SaiNtBus - c:\windows\system32\drivers\saibus.sys
S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S3 cmpci (C-Media PCI Audio Driver (WDM)) - c:\windows\system32\drivers\cmaudio.sys
S3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys
S3 ewdmaudn - c:\docume~1\severett\locals~1\temp\ewdmaudn.sys (file missing)
S3 MagicTune - c:\windows\system32\drivers\mtictwl.sys
S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys
S3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - c:\windows\system32\drivers\se27bus.sys
S3 SE27mdfl (Sony Ericsson Device 039 USB WMC Modem Filter) - c:\windows\system32\drivers\se27mdfl.sys
S3 SE27mdm (Sony Ericsson Device 039 USB WMC Modem Driver) - c:\windows\system32\drivers\se27mdm.sys
S3 SE27mgmt (Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se27mgmt.sys
S3 se27nd5 (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)) - c:\windows\system32\drivers\se27nd5.sys
S3 SE27obex (Sony Ericsson Device 039 USB WMC OBEX Interface) - c:\windows\system32\drivers\se27obex.sys
S3 se27unic (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)) - c:\windows\system32\drivers\se27unic.sys
S4 BsUDF (InCD UDF Driver) - c:\windows\system32\drivers\bsudf.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "c:\program files\executive software\diskeeper\dkservice.exe"
R2 EpsonBidirectionalService - c:\program files\common files\epson\eebapi\eebsvc.exe
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\eebapi\sagent2.exe
R2 MagicTuneEngine - c:\program files\magictune premium\magictuneengine.exe
S3 AresChatServer (Ares Chatroom server) - f:\program files\ares\chatserver.exe

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-03-23 23:11:00 260 --a----c- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-03-23 12:39:35 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-03-22 18:35:01 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-18 18:00:00 412 --a----c- C:\WINDOWS\Tasks\Pareto UNS.job
2006-12-17 18:32:59 306 --a----c- C:\WINDOWS\Tasks\XoftSpy.job

-- Files created between 2008-02-23 and 2008-03-23 -----------------------------

2008-03-23 23:27:16 0 d-------- C:\Program Files\Trend Micro
2008-03-23 12:22:06 159319 --a------ C:\WINDOWS\Imperium Romanum Uninstaller.exe
2008-03-22 22:10:49 0 d-------- C:\Documents and Settings\SEverett\Application Data\Imperium Romanum
2008-03-22 20:58:40 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-08 16:16:07 0 d-------- C:\Documents and Settings\SEverett\Application Data\DAEMON Tools Pro
2008-03-08 12:12:08 0 d-------- C:\Program Files\ProtectDisc Driver Installer
2008-03-05 21:26:29 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-05 21:26:20 0 d-------- C:\Documents and Settings\SEverett\Application Data\DAEMON Tools

-- Find3M Report ---------------------------------------------------------------

2008-03-23 17:07:56 0 d-------- C:\Documents and Settings\SEverett\Application Data\uTorrent
2008-03-22 21:00:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-16 10:01:39 0 d-------- C:\Documents and Settings\SEverett\Application Data\MyPhoneExplorer
2008-03-13 18:49:41 0 d-------- C:\Program Files\LIVEUPDATE
2008-03-05 21:07:08 0 d-------- C:\Program Files\Java
2008-02-19 18:31:15 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-16 13:31:36 0 d-------- C:\Program Files\FS2002
2008-02-10 12:14:27 0 d-------- C:\Documents and Settings\SEverett\Application Data\Adobe
2008-02-08 19:23:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-02 19:43:01 0 d-------- C:\Program Files\X Plugin Manager
2008-01-18 18:19:23 71064 --a----c- C:\Documents and Settings\SEverett\Application Data\GDIPFONTCACHEV1.DAT
2008-01-07 22:01:10 5 --a----c- C:\WINDOWS\system32\SySVid.dat
2008-01-07 21:59:20 3082 --a----c- C:\WINDOWS\system32\affv11300p4now.sys

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1391FD63-1B87-4E25-8759-BA05AAE5DA2F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}]
C:\WINDOWS\VirtualDNS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [24/01/2008 18:02]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [31/10/2003 18:42]
"C-Media Mixer"="Mixer.exe" [12/07/2002 16:33 C:\WINDOWS\mixer.exe]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [04/10/2004 19:53]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [07/06/2005 10:31]
"Profiler"="C:\Program Files\Saitek\Software\ProfilerU.exe" [18/10/2005 13:34]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [03/11/2005 10:09]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [19/04/2007 12:26]
"nwiz"="nwiz.exe" [19/04/2007 12:26 C:\WINDOWS\system32\nwiz.exe]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [31/01/2007 06:16]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [14/09/2005 19:44]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [19/04/2007 12:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [26/04/2007 15:54]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [26/04/2007 16:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 05:24]
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [13/12/2003 17:17]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"Aqua Dock"="C:\Program Files\Aqua Dock\Aqua Dock.exe" [01/11/2003 12:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [03/02/2004 21:42]
"STManager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [16/10/2003 13:25]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [17/03/2005 11:10]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/04/2007 11:26]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [21/03/2008 08:30]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [30/10/2007 19:12:06]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 00:01:04]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [30/10/2007 19:10:49]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [05/02/2007 14:40:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [18/01/2007 18:32 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 27/04/2007 17:15 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 31/01/2005 14:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SEverett^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SEverett^Start Menu^Programs^Startup^ubisoft register.lnk]
backup=C:\WINDOWS\pss\ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3200]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Miro]
C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"F:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"f:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dd57143-a068-11d8-9ed6-806d6172696f}]
AutoRun\command- E:\bob2.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61e5f684-0498-11db-b372-806d6172696f}]
AutoRun\command- E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7360007d-a533-11da-9f94-806d6172696f}]
AutoRun\command- D:\Autorun.exe

-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost #***Inserted By STOPzilla***
127.0.0.1 localmachine # ***Inserted By STOPzilla***
127.0.0.1 2005-search.com # ***Inserted By STOPzilla***
127.0.0.1 600pics.com # ***Inserted By STOPzilla***
127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla***
127.0.0.1 alex.fileburst.com # ***Inserted By STOPzilla***
127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***

12 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-03-23 23:28:22 ------------