Deckard's System Scanner v20071014.68
Run by ANDREW on 2008-05-10 09:31:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 2 Restore Point(s) --
2: 2008-05-10 13:32:04 UTC - RP302 - Deckard's System Scanner Restore Point
1: 2008-05-10 03:38:43 UTC - RP301 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.86 GiB (less than 15%) free.

-- HijackThis (run as ANDREW.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:07 AM, on 5/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsCtrls.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\ANDREW\Desktop\dss.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AvTask.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ANDREW.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\avciman.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191106967211
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsCtrls.EXE
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10551 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080404-003355-109 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080404-003355-225 O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - C:\WINDOWS\system32\nss5B.dll
backup-20080404-003355-449 O2 - BHO: cpmsky.biz browser optimizer - {BCA95E31-1FBF-4F84-8F23-1BA653007A1E} - C:\WINDOWS\system32\cpmsky.dll
backup-20080404-003356-918 O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\cpmsky.dll" DllStart
backup-20080429-011756-490 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080429-011756-519 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20080429-011756-522 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20080429-011756-700 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080429-011756-711 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20080429-011756-789 O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
backup-20080429-011756-886 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080501-012225-921 O2 - BHO: adzgalore - {355bce16-8376-8574-8e39-68a3840ebca9} - C:\WINDOWS\system32\nsz40.dll
backup-20080505-203729-353 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080510-091108-580 O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\PrevxCSI.exe" /bootupreg
backup-20080510-091158-819 O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - JSFile - shell\open\command - C:\PROGRA~1\PANDAS~1\PANDAT~1\PAVSCRIP.EXE "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.vbs - VBSFile - shell\open\command - C:\PROGRA~1\PANDAS~1\PANDAT~1\PAVSCRIP.EXE "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 pxark - c:\windows\system32\drivers\pxark.sys
R0 SnoopFree (SnoopFree Driver) - c:\windows\system32\drivers\snopfree.sys
R1 ShldDrv (Panda File Shield Driver) - c:\windows\system32\drivers\shldrv51.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys
R2 cpoint (Panda CPoint Driver) - c:\windows\system32\drivers\cpoint.sys
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys
R3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)
R3 ComFiltr (Panda Anti-Dialer) - c:\windows\system32\drivers\comfiltr.sys
R3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
R3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing)
S3 catchme - c:\docume~1\andrew\locals~1\temp\catchme.sys (file missing)
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CTDevice_Srv (CT Device Query service) - c:\program files\creative\shared files\ctdevsrv.exe
R2 RegSrvc - c:\windows\system32\regsrvc.exe
R2 SnoopFreeSvc (Snoop Free Service) - system32\snoopfreesvc.exe

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-10 08:49:41 450 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-05-08 00:50:02 364 --a------ C:\WINDOWS\Tasks\XoftSpySE.job

-- Files created between 2008-04-10 and 2008-05-10 -----------------------------

2008-05-10 09:08:22 0 --a------ C:\WINDOWS\system32\drivers\ComFiltr.sys
2008-05-09 23:53:30 0 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2008-05-09 23:52:38 10880 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-05-09 23:52:37 0 d-------- C:\Program Files\PrevxCSI
2008-05-09 23:52:32 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-09 19:22:55 0 dr-h----- C:\Documents and Settings\ANDREW\Recent
2008-05-09 15:47:29 0 d-------- C:\WINDOWS\Prefetch
2008-05-09 15:36:52 0 d-------- C:\WINDOWS\system32\scripting
2008-05-09 15:36:51 0 d-------- C:\WINDOWS\l2schemas
2008-05-09 15:36:50 0 d-------- C:\WINDOWS\system32\en
2008-05-09 15:36:50 0 d-------- C:\WINDOWS\system32\bits
2008-05-09 15:32:03 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-09 15:20:59 0 d-------- C:\WINDOWS\EHome
2008-05-09 11:06:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-09 11:03:38 0 d-------- C:\Program Files\SpywareGuard
2008-05-09 10:59:07 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-09 10:58:51 0 d-------- C:\Program Files\SpywareBlaster
2008-05-09 09:45:31 0 d-------- C:\WINDOWS\ERUNT
2008-05-08 00:49:57 0 d-------- C:\Program Files\XoftSpySE
2008-05-07 00:47:15 0 d-------- C:\Documents and Settings\ANDREW\Application Data\Malwarebytes
2008-05-07 00:47:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-07 00:47:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 16:34:12 0 d-------- C:\Program Files\SweetIM
2008-05-06 16:34:12 0 d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-05-04 10:52:03 0 d-------- C:\WINDOWS\PaltalkScene
2008-04-12 23:45:50 0 d-------- C:\Live! Cam

-- Find3M Report ---------------------------------------------------------------

2008-05-10 01:55:03 0 d-------- C:\Documents and Settings\ANDREW\Application Data\SiteAdvisor
2008-05-09 15:37:24 0 d-------- C:\Program Files\Messenger
2008-05-09 15:36:49 0 d-------- C:\Program Files\Movie Maker
2008-05-09 15:31:32 0 d-------- C:\Program Files\Windows NT
2008-05-05 20:23:09 53873 --a------ C:\WINDOWS\system32\adzgalore-remove.exe
2008-05-04 23:47:18 0 d-------- C:\Program Files\Windows Live
2008-05-04 10:54:13 0 d-------- C:\Documents and Settings\ANDREW\Application Data\Paltalk
2008-05-04 10:52:12 0 d-------- C:\Program Files\Paltalk Messenger
2008-04-30 09:36:01 11336 --a------ C:\WINDOWS\system32\nvModes.dat
2008-04-15 16:20:59 0 d-------- C:\Documents and Settings\ANDREW\Application Data\Real
2008-04-12 23:48:12 0 d-------- C:\Program Files\Creative
2008-04-12 23:47:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-05 21:55:16 0 d-------- C:\Program Files\Common Files
2008-04-05 21:55:16 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-04-03 23:45:08 0 d-------- C:\Program Files\Trend Micro
2008-04-03 23:09:06 0 d-------- C:\Program Files\Java
2008-03-19 21:39:29 0 d-------- C:\Documents and Settings\ANDREW\Application Data\Adobe
2008-02-12 19:11:38 90112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe
2008-02-12 19:11:38 221184 --a------ C:\WINDOWS\SnoopFreeUI.exe
2008-02-12 19:11:38 45056 --a------ C:\WINDOWS\SnoopFreeDll.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
03/27/2008 02:12 PM 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [03/27/2008 02:12 PM 1164600]

[-HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/06/2005 07:52 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 09:08 AM]
"ZCfgSvc.exe"="C:\WINDOWS\system32\ZCfgSvc.exe" [07/05/2005 01:32 AM]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [06/27/2005 08:31 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.exe" [09/21/2007 11:33 AM]
"SnoopFreeUI"="SnoopFreeUI.exe" [02/12/2008 07:11 PM C:\WINDOWS\SnoopFreeUI.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [08/23/2007 01:03 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/09/2008 11:05 AM]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [03/27/2008 07:31 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\ANDREW\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 09/21/2007 11:33 AM 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 07/05/2005 01:33 AM 188482 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ANDREW^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\ANDREW\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ANDREW^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Documents and Settings\ANDREW\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ANDREW^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
path=C:\Documents and Settings\ANDREW\Start Menu\Programs\Startup\VirtuaGirl HD.LNK
backup=C:\WINDOWS\pss\VirtuaGirl HD.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ANDREW^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\ANDREW\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
C:\Program Files\Evidence Eliminator\ee.exe /m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
"C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent hkmsvc

-- End of Deckard's System Scanner: finished at 2008-05-10 09:40:52 ------------