Deckard's System Scanner v20071014.68
Run by Drew on 2008-05-02 16:19:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
9: 2008-05-02 06:40:46 UTC - RP127 - Windows Update
8: 2008-04-30 18:26:22 UTC - RP126 - Installed Ad-Aware 2007
7: 2008-04-30 18:13:18 UTC - RP125 - Installed Ad-Aware 2008
6: 2008-04-30 18:05:07 UTC - RP124 - Installed Ad-Aware 2008
5: 2008-04-30 07:00:49 UTC - RP123 - Windows Update

-- First Restore Point --
1: 2008-04-28 05:43:14 UTC - RP119 - Removed Stranglehold

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Drew.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:05 PM, on 5/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Drew\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Drew.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8286 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].ini - inifile - DefaultIcon - C:\Users\Drew\Documents\Icons\iVista\ICO\Files\Settings File.ico,0[/COLOR]
[COLOR=red].js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2[/COLOR]
[COLOR=red].reg - regfile - shell\open\command - regedit.exe "%1" %*[/COLOR]
[COLOR=red].scr - scrfile - shell\open\command - "%1" %*[/COLOR]

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 SNP2STD (USB2.0 PC Camera (SNP2STD)) - c:\windows\system32\drivers\snp2sxp.sys
S3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe"
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe"
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-02 09:39:55 304 --a------ C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

-- Files created between 2008-04-02 and 2008-05-02 -----------------------------

2008-05-16 23:06:13 0 d-------- C:\Windows\Panther
2008-05-16 22:12:07 0 d-------- C:\Windows\SoftwareDistribution
2008-05-16 22:10:24 0 d-------- C:\Windows\Debug
2008-05-16 22:07:23 0 d-------- C:\Windows\Prefetch
2008-05-16 20:46:38 0 d-------- C:\Users\All Users\NVIDIA
2008-05-16 20:40:35 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-16 20:39:50 0 d-------- C:\Windows\system32\Macromed
2008-05-16 20:36:35 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-16 20:36:29 0 d--hs---- C:\Windows\Installer
2008-05-16 20:35:16 0 dr------- C:\Users\Drew\Searches
2008-05-16 20:34:47 0 dr------- C:\Users\Drew\Contacts
2008-05-16 20:34:38 0 d--hs---- C:\Users\Drew\Templates
2008-05-16 20:34:38 0 d--hs---- C:\Users\Drew\Start Menu
2008-05-16 20:34:38 0 d--hs---- C:\Users\Drew\SendTo
2008-05-16 20:34:38 0 d--hs---- C:\Users\Drew\Recent
2008-05-16 20:34:38 0 d--hs---- C:\Users\Drew\PrintHood
2008-05-16 20:34:38 0 d--hs---- C:\Users\Drew\NetHood
2008-05-16 20:34:38 0 d--hs---- C:\Users\Drew\My Documents
2008-05-16 20:34:38 0 d--hs---- C:\Users\Drew\Local Settings
2008-05-16 20:34:38 0 d--hs---- C:\Users\Drew\Cookies
2008-05-16 20:34:38 0 d--hs---- C:\Users\Drew\Application Data
2008-05-16 20:34:34 0 dr------- C:\Users\Drew\Videos
2008-05-16 20:34:34 0 dr------- C:\Users\Drew\Saved Games
2008-05-16 20:34:34 0 dr------- C:\Users\Drew\Pictures
2008-05-16 20:34:34 0 dr------- C:\Users\Drew\Music
2008-05-16 20:34:34 0 dr------- C:\Users\Drew\Links
2008-05-16 20:34:34 0 dr------- C:\Users\Drew\Favorites
2008-05-16 20:34:34 0 dr------- C:\Users\Drew\Downloads
2008-05-16 20:34:34 0 dr------- C:\Users\Drew\Documents
2008-05-16 20:34:34 0 dr------- C:\Users\Drew\Desktop
2008-05-16 20:34:34 0 d--h----- C:\Users\Drew\AppData
2008-05-16 20:34:33 3932160 --ahs---- C:\Users\Drew\NTUSER.DAT
2008-05-16 13:49:05 0 d--hs---- C:\Boot
2008-05-02 15:05:36 0 d-------- C:\Program Files\Trend Micro
2008-05-01 22:54:21 0 d-------- C:\Program Files\Panda Security
2008-04-30 13:27:58 0 d-------- C:\Program Files\Lavasoft
2008-04-30 13:21:59 0 --a------ C:\Windows\nsreg.dat
2008-04-30 13:21:59 0 d-a------ C:\Users\All Users\TEMP
2008-04-30 13:21:59 2 -rahs---- C:\$drvmig$
2008-04-30 11:38:53 0 d-------- C:\Users\Drew\Incomplete
2008-04-29 17:56:47 0 d-------- C:\Users\All Users\Malwarebytes
2008-04-29 17:56:47 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 00:41:38 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-29 00:41:21 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-29 00:40:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 23:53:01 0 d-------- C:\Program Files\CCleaner
2008-04-27 11:59:49 0 d-------- C:\Users\All Users\Lavasoft
2008-04-26 21:07:16 0 d-------- C:\Program Files\Aspyr
2008-04-11 23:03:31 0 d-------- C:\Users\All Users\FLEXnet
2008-04-11 22:32:42 0 d-------- C:\Users\All Users\Adobe
2008-04-11 22:25:14 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-11 17:41:34 40713 --a------ C:\Windows\system32\cpmsky-uninst.exe
2008-04-11 17:41:34 80121 --a------ C:\Windows\system32\adzgalore-remove.exe
2008-04-11 17:33:43 0 d-------- C:\Program Files\Common Files\Macromedia
2008-04-11 17:18:34 0 d-------- C:\Users\Drew\Shared
2008-04-11 17:16:00 0 d-------- C:\Program Files\Java
2008-04-11 17:15:46 0 d-------- C:\Program Files\Common Files\Java
2008-04-11 17:14:13 0 d-------- C:\Program Files\FrostWire
2008-04-09 22:26:36 0 d-------- C:\Users\All Users\Ubisoft
2008-04-07 23:54:40 0 d-------- C:\Program Files\iPod
2008-04-07 23:52:41 0 d-------- C:\Program Files\QuickTime

-- Find3M Report ---------------------------------------------------------------

2008-05-16 20:41:40 0 d-------- C:\Users\Drew\AppData\Roaming\Mozilla
2008-05-16 20:34:56 0 d-------- C:\Users\Drew\AppData\Roaming\Identities
2008-05-02 04:00:05 0 d-------- C:\Users\Drew\AppData\Roaming\AVG7
2008-04-30 13:20:49 0 d-------- C:\Users\Drew\AppData\Roaming\Download Manager
2008-04-30 11:43:57 0 d-------- C:\Users\Drew\AppData\Roaming\uTorrent
2008-04-29 20:15:43 0 d-------- C:\Users\Drew\AppData\Roaming\dvdcss
2008-04-29 17:56:52 0 d-------- C:\Users\Drew\AppData\Roaming\Malwarebytes
2008-04-29 00:41:21 0 d-------- C:\Users\Drew\AppData\Roaming\SUPERAntiSpyware.com
2008-04-29 00:40:56 0 d-------- C:\Program Files\Common Files
2008-04-28 22:09:47 580 --a------ C:\Users\Drew\AppData\Roaming\AutoGK.ini
2008-04-28 00:43:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-28 00:36:34 0 d-------- C:\Program Files\Elaborate Bytes
2008-04-26 15:49:17 0 d-------- C:\Program Files\Steam
2008-04-22 18:27:17 0 d-------- C:\Users\Drew\AppData\Roaming\Bioshock
2008-04-14 23:22:06 0 d-------- C:\Users\Drew\AppData\Roaming\Adobe
2008-04-14 16:41:12 0 d-------- C:\Users\Drew\AppData\Roaming\FrostWire
2008-04-11 23:16:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-11 21:53:57 0 d-------- C:\Users\Drew\AppData\Roaming\Macromedia
2008-04-11 17:33:43 0 d-------- C:\Program Files\Macromedia
2008-04-09 22:27:39 0 d-------- C:\Users\Drew\AppData\Roaming\Ubisoft
2008-04-09 03:11:04 0 d-------- C:\Program Files\Windows Mail
2008-04-07 23:54:47 0 d-------- C:\Program Files\iTunes
2008-04-07 22:29:33 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-03 11:42:47 0 d-------- C:\Program Files\Common Files\Steam
2008-03-28 19:56:34 0 d-------- C:\Program Files\Common Files\snp2std
2008-03-27 22:19:21 0 d-------- C:\Program Files\Audacity
2008-03-24 22:33:42 669184 --a------ C:\Windows\system32\pbsvc.exe
2008-03-24 22:19:07 0 d-------- C:\Program Files\Electronic Arts
2008-03-19 13:06:39 0 d-------- C:\Users\Drew\AppData\Roaming\Elaborate Bytes
2008-03-18 23:46:43 0 d-------- C:\Program Files\uTorrent
2008-03-18 23:35:10 0 dr-h----- C:\Users\Drew\AppData\Roaming\SecuROM
2008-03-18 22:57:42 0 d-------- C:\Program Files\2K Games
2008-03-18 22:51:52 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-18 22:51:49 0 d-------- C:\Users\Drew\AppData\Roaming\DAEMON Tools
2008-03-18 18:27:00 0 d-------- C:\Program Files\Foxit Software
2008-03-16 22:37:13 0 d-------- C:\Program Files\Activision
2008-03-16 21:57:12 233472 --a------ C:\Windows\system32\wrap_oal.dll
2008-03-16 21:53:24 174 --ahs---- C:\Program Files\desktop.ini
2008-03-16 21:48:48 0 d-------- C:\Program Files\Windows Calendar
2008-03-16 21:48:38 0 d-------- C:\Program Files\Windows Defender
2008-03-16 21:48:27 0 d-------- C:\Program Files\Windows Sidebar
2008-03-16 21:40:21 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-16 21:36:45 0 d-------- C:\Program Files\Nero
2008-03-16 21:17:01 0 d-------- C:\Program Files\Microsoft Works
2008-03-16 21:16:37 0 d-------- C:\Program Files\MSBuild
2008-03-16 21:14:14 0 d-------- C:\Program Files\Microsoft.NET
2008-03-16 21:11:20 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-16 21:02:29 0 d-------- C:\Users\Drew\AppData\Roaming\Apple Computer
2008-03-16 21:01:53 0 d-------- C:\Program Files\Bonjour
2008-03-16 21:00:43 0 d-------- C:\Program Files\Apple Software Update
2008-03-16 21:00:11 0 d-------- C:\Program Files\Common Files\Apple
2008-03-16 20:51:11 0 d-------- C:\Program Files\AutoGK
2008-03-16 20:51:10 43698 --a------ C:\Windows\system32\xvid-uninstall.exe
2008-03-16 20:50:39 0 d-------- C:\Program Files\AviSynth 2.5
2008-03-16 20:50:32 0 d-------- C:\Program Files\Gabest
2008-03-16 20:48:56 0 d-------- C:\Program Files\DVD Decrypter
2008-03-16 20:46:36 0 d-------- C:\Users\Drew\AppData\Roaming\vlc
2008-03-16 20:46:18 0 d-------- C:\Program Files\VideoLAN
2008-03-16 20:45:54 0 d-------- C:\Program Files\Windows Live
2008-03-16 20:45:38 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-16 20:44:05 0 d-------- C:\Users\Drew\AppData\Roaming\acccore
2008-03-16 20:43:47 0 d-------- C:\Program Files\AIM6
2008-03-16 20:43:41 0 d-------- C:\Program Files\Viewpoint
2008-03-16 20:43:18 0 d-------- C:\Program Files\Common Files\AOL
2008-03-16 20:41:56 0 d-------- C:\Users\Drew\AppData\Roaming\Logitech
2008-03-16 20:40:05 0 d-------- C:\Program Files\Common Files\Logishrd
2008-03-16 20:39:47 0 d-------- C:\Program Files\Logitech
2008-03-16 20:39:45 0 d-------- C:\Users\Drew\AppData\Roaming\InstallShield
2008-03-16 20:28:46 0 d-------- C:\Program Files\Common Files\Stardock
2008-03-16 20:26:27 0 d-------- C:\Program Files\Stardock
2008-03-16 20:25:56 18420224 --a------ C:\Windows\system32\imageres.dll
2008-03-16 20:19:16 0 d-------- C:\Users\Drew\AppData\Roaming\WinRAR
2008-03-16 20:13:03 240640 --a------ C:\Windows\system32\uxtheme.dll
2008-03-16 20:13:03 615424 --a------ C:\Windows\system32\themeui.dll
2008-03-16 20:10:25 0 d-------- C:\Program Files\CodeGazer

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/16/2008 09:36 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [12/11/2007 05:06 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12/11/2007 05:06 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12/11/2007 05:06 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 09:44 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/29/2007 02:17 AM C:\Windows\KHALMNPR.Exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"tsnp2std"="C:\Windows\tsnp2std.exe" [06/19/2006 01:37 PM]
"snp2std"="C:\Windows\vsnp2std.exe" [05/15/2006 03:52 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [03/16/2008 09:24 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/06/2008 03:50 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [07/04/2007 02:01 PM]

C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [3/16/2008 8:26:28 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [3/16/2008 8:39:55 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 03/16/2008 08:28 PM 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8325 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-05-02 16:21:13 ------------