Deckard's System Scanner v20071014.68
Run by jesse wool on 2008-04-15 12:38:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
52: 2008-04-15 16:38:58 UTC - RP52 - Deckard's System Scanner Restore Point
51: 2008-04-15 14:55:19 UTC - RP51 - Installed SUPERAntiSpyware Free Edition
50: 2008-04-15 13:16:26 UTC - RP50 - Installed AVG 7.5
49: 2008-04-15 08:39:15 UTC - RP49 - Installed Windows Media Player 10 KB917734_WMP10.
48: 2008-04-15 08:38:17 UTC - RP48 - Installed Windows XP KB899587.

-- First Restore Point --
1: 2008-04-14 16:26:12 UTC - RP1 - Removed AVG 7.5

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-15 12:40:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\winself.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\winsysxz.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Rosetta Stone\SMS v3.1.0hs\wrapper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\wdkbqdwn\wvezedol.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jesse wool\Desktop\dss.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-us/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R3 - Default URLSearchHook is missing
F0 - win.ini: load=C:\WINDOWS\system32\vtsqq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
F3 - REG:win.ini: Load=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {c5af49a2-94f3-42bd-f434-2604812c897d} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: (no name) - {41B15C1C-2C15-49E4-B6A4-C940F885290E} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [cKHI1O14Xz] C:\Documents and Settings\All Users\Application Data\wdkbqdwn\wvezedol.exe
O4 - HKLM\..\Policies\Explorer\Run: [3RDhGzmOOi] C:\Documents and Settings\All Users\Application Data\wdkbqdwn\wvezedol.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Wireless Connection Manager Update.lnk = C:\Program Files\Novatel Wireless\WirelessConnectionManager\WiseUpdt.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: iSecurity.cpl
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtqnkhe - C:\WINDOWS\system32\awtqnkhe.dll (file missing)
O20 - Winlogon Notify: efccbba - C:\WINDOWS\system32\efccbba.dll (file missing)
O20 - Winlogon Notify: mljhiji - C:\WINDOWS\system32\mljhiji.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: KernelPrx - {d1f822ca-1c3a-4a6d-a27b-5e6efe4fb1c9} - C:\WINDOWS\Installer\{d1f822ca-1c3a-4a6d-a27b-5e6efe4fb1c9}\KernelPrx.dll (file missing)
O21 - SSODL: VwuteM - {3CCD5AFF-9667-F055-8394-A32E67FCB051} - (no file)
O21 - SSODL: pmsoarbf - {7E911AFC-2226-4BF7-A787-90177E86C184} - (no file)
O21 - SSODL: omlbpkaw - {329ABE1D-3A7A-4BEB-8991-8C7FF852F728} - (no file)
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (avg7alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (avg7updsvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (avgems) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSysInterv (mssysinterv1) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (plugplayrpc) - Unknown owner - C:\WINDOWS\winsysxz.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: SMS_v3_1_0 - Unknown owner - C:\Program Files\Rosetta Stone\SMS v3.1.0hs\wrapper.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

--
End of file - 12554 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].scr - scrfile - shell\open\command - "%1" %*[/COLOR]

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys
R1 nwlnknbb - c:\windows\system32\drivers\nwlnknbb.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys
R1 sasdifsv - c:\program files\superantispyware\sasdifsv.sys
R1 saskutil - c:\program files\superantispyware\saskutil.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys
R2 SprintPort (SprintPort Serial Driver) - c:\program files\novatel wireless\sprintport\winport.sys
R3 sasenum - c:\program files\superantispyware\sasenum.sys
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys
S1 Tosrfcom - c:\windows\system32\drivers\tosrfcom.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe"
R2 mssysinterv1 (MSSysInterv) - c:\windows\winself.exe service
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe
R2 plugplayrpc (Plug and Play (RPC)) - c:\windows\winsysxz.exe service
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe
R2 SMS_v3_1_0 - "c:\program files\rosetta stone\sms v3.1.0hs\wrapper.exe" -s "c:\program files\rosetta stone\sms v3.1.0hs\service\wrapper.conf"
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe
S2 ICF - c:\windows\system32\svchost.exe:exe.exe (file missing)
S2 Schedule (Task Scheduler) - c:\windows\system32\drivers\spools.exe (file missing)

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2DA54501344FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\2DA54501344FC000
Service: NIC1394

-- Scheduled Tasks -------------------------------------------------------------

2008-03-25 19:31:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-01-26 07:59:27 352 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1161214978.job

-- Files created between 2008-03-15 and 2008-04-15 -----------------------------

2008-04-15 12:36:26 0 dr-h----- C:\Documents and Settings\jesse wool\Recent
2008-04-15 10:55:36 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-15 10:55:21 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-15 10:55:21 0 d-------- C:\Documents and Settings\jesse wool\Application Data\SUPERAntiSpyware.com
2008-04-15 09:17:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-15 08:26:34 0 d-------- C:\WINDOWS\system32\spool
2008-04-15 02:08:36 0 d-------- C:\Program Files\cjb
2008-04-14 17:07:00 0 d-------- C:\Documents and Settings\jesse wool\Application Data\TmpRecentIcons
2008-04-14 16:38:47 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-14 15:24:50 0 d-------- C:\Documents and Settings\All Users\Application Data\wdkbqdwn
2008-04-14 15:23:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-14 15:23:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-14 14:27:34 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Macromedia
2008-04-14 14:26:27 0 d---s---- C:\Documents and Settings\ADMIN\UserData
2008-04-14 14:25:53 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Adobe
2008-04-14 14:23:44 0 d--hs---- C:\Documents and Settings\ADMIN\Application Data\wsnpoem
2008-04-14 14:20:36 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Identities
2008-04-14 14:20:36 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Gtek
2008-04-14 14:20:35 0 d--h----- C:\Documents and Settings\ADMIN\Templates
2008-04-14 14:20:35 0 dr------- C:\Documents and Settings\ADMIN\Start Menu
2008-04-14 14:20:35 0 dr-h----- C:\Documents and Settings\ADMIN\SendTo
2008-04-14 14:20:35 0 dr-h----- C:\Documents and Settings\ADMIN\Recent
2008-04-14 14:20:35 0 d--h----- C:\Documents and Settings\ADMIN\PrintHood
2008-04-14 14:20:35 786432 --ah----- C:\Documents and Settings\ADMIN\NTUSER.DAT
2008-04-14 14:20:35 0 d--h----- C:\Documents and Settings\ADMIN\NetHood
2008-04-14 14:20:35 0 dr------- C:\Documents and Settings\ADMIN\My Documents
2008-04-14 14:20:35 0 d--h----- C:\Documents and Settings\ADMIN\Local Settings
2008-04-14 14:20:35 0 dr------- C:\Documents and Settings\ADMIN\Favorites
2008-04-14 14:20:35 0 dr------- C:\Documents and Settings\ADMIN\Desktop
2008-04-14 14:20:35 0 d---s---- C:\Documents and Settings\ADMIN\Cookies
2008-04-14 14:20:35 0 dr-h----- C:\Documents and Settings\ADMIN\Application Data
2008-04-14 14:20:35 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Sun
2008-04-14 14:20:35 0 d---s---- C:\Documents and Settings\ADMIN\Application Data\Microsoft
2008-04-14 14:20:35 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Jasc Software Inc
2008-04-14 14:20:35 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Intel
2008-04-14 14:16:42 0 d-------- C:\WINDOWS\system32\bits
2008-04-14 13:45:08 96320 --a------ C:\WINDOWS\system32\ucifuqwh.dll
2008-04-14 12:37:23 0 d-------- C:\Program Files\??sks
2008-04-14 12:04:35 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-14 11:31:54 0 d-------- C:\Program Files\iSecurity
2008-04-14 11:31:39 346112 --a------ C:\WINDOWS\system32\ssqomnm.dll
2008-04-14 11:31:31 0 d-------- C:\Program Files\IE Extensions
2008-04-14 11:30:30 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 11:30:11 0 d-------- C:\WINDOWS\system32\403445
2008-04-14 11:29:55 2 --a------ C:\1020091134
2008-04-14 11:29:51 55218 --a------ C:\WINDOWS\qaszpurn.sys
2008-04-14 11:29:50 61952 --a------ C:\icjamlp.exe
2008-04-14 11:29:28 28160 --a------ C:\WINDOWS\winself.exe
2008-04-14 11:29:27 35336 --a------ C:\WINDOWS\antispl.exe
2008-04-14 11:29:22 55808 --a------ C:\WINDOWS\winsysxz.exe
2008-04-14 11:08:05 0 d-------- C:\WINDOWS\system32\4847
2008-04-14 10:49:17 24576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-04-10 15:47:16 0 d-------- C:\WINDOWS\system32\3541
2008-04-10 15:46:55 55218 --a------ C:\WINDOWS\zeqbqwp.sys
2008-04-10 15:46:45 25088 --a------ C:\WINDOWS\gavurjjf.exe
2008-04-10 15:46:45 1086376 --a------ C:\Documents and Settings\jesse wool\Application Data\Install.dat
2008-04-10 15:46:44 25088 --a------ C:\gavurjjf.exe
2008-04-10 15:43:43 31 --a------ C:\smp.bat
2008-04-10 15:42:49 0 d-------- C:\Documents and Settings\jesse wool\Application Data\Anti-Virus-Pro.com
2008-04-10 15:42:43 0 d-------- C:\Program Files\AntiVirusPro
2008-04-10 12:33:10 0 d-------- C:\Documents and Settings\jesse wool\Application Data\Viewpoint
2008-03-28 12:44:06 0 d-------- C:\Program Files\Bonjour
2008-03-28 11:41:51 173563 --a------ C:\WINDOWS\system32\msram.dll

-- Find3M Report ---------------------------------------------------------------

2008-04-15 10:54:01 0 d-------- C:\Program Files\QuickTime
2008-04-15 10:53:56 0 d-------- C:\Program Files\Common Files
2008-04-15 10:53:45 0 d-------- C:\Program Files\iTunes
2008-04-15 10:53:44 0 d-------- C:\Program Files\??sks
2008-04-15 10:53:44 0 d-------- C:\Program Files\?ecurity
2008-04-15 09:52:37 0 d-------- C:\Documents and Settings\jesse wool\Application Data\AVG7
2008-04-15 09:34:58 280204 --ahs---- C:\WINDOWS\system32\qqstv.ini2
2008-04-15 08:00:24 0 d-------- C:\Program Files\Dell Support
2008-04-14 16:37:51 0 d-------- C:\Program Files\Movie Maker
2008-04-14 16:37:35 0 d-------- C:\Program Files\Windows NT
2008-04-14 16:34:28 23268 --a------ C:\WINDOWS\system32\nvModes.dat
2008-04-14 15:50:07 0 d-------- C:\Documents and Settings\jesse wool\Application Data\Starware316
2008-04-14 12:22:54 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-14 11:45:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 10:41:35 23428 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-28 12:56:49 0 d-------- C:\Documents and Settings\jesse wool\Application Data\Apple Computer
2008-03-26 10:25:14 0 d-------- C:\Program Files\WB06D2SE
2008-02-23 11:18:26 513 --a------ C:\logfile.dat
2008-02-23 11:00:04 0 d-------- C:\Program Files\DIFX
2008-02-23 10:58:46 0 d-------- C:\Program Files\LeapFrog

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 09:17 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/20/2005 04:34 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 12:39 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"jdgf894jrghoiiskd"=C:\WINDOWS\TEMP\winlogan.exe
"Jnskdfmf9eldfd"=C:\WINDOWS\TEMP\csrssc.exe

C:\Documents and Settings\jesse wool\Start Menu\Programs\Startup\
Wireless Connection Manager Update.lnk - C:\Program Files\Novatel Wireless\WirelessConnectionManager\WiseUpdt.exe [10/30/2005 2:20:20 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/26/2005 3:38:19 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"Wallpaper"=C:\WINDOWS\desktop.html

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"start"=C:\Program Files\NetProject\sbmntr.exe
"cKHI1O14Xz"=C:\Documents and Settings\All Users\Application Data\wdkbqdwn\wvezedol.exe
"3RDhGzmOOi"=C:\Documents and Settings\All Users\Application Data\wdkbqdwn\wvezedol.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"KernelPrx"= {d1f822ca-1c3a-4a6d-a27b-5e6efe4fb1c9} - C:\WINDOWS\Installer\{d1f822ca-1c3a-4a6d-a27b-5e6efe4fb1c9}\KernelPrx.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 12:39 PM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqnkhe]
awtqnkhe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbba]
efccbba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 05:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhiji]
mljhiji.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=iSecurity.cpl

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsqq

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533c5b84-ec70-11d2-9505-00c04f79deaf}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3ccd5a51]
rundll32.exe "C:\WINDOWS\System32\ugtjhtao.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bm3ffe69cd]
Rundll32.exe "C:\WINDOWS\System32\ucifuqwh.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drivesystem]
C:\WINDOWS\System32\maxpaynowti1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\myspaceim]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntuser]
C:\WINDOWS\system32\drivers\spools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

-- End of Deckard's System Scanner: finished at 2008-04-15 12:41:38 ------------