Deckard's System Scanner v20071014.68
Run by Steve on 2008-05-15 21:18:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
13: 2008-05-15 05:14:32 UTC - RP115 - Windows Update
12: 2008-05-14 22:49:40 UTC - RP114 - Windows Update
11: 2008-05-14 09:25:10 UTC - RP113 - Scheduled Checkpoint
10: 2008-05-12 18:41:11 UTC - RP112 - Windows Update
9: 2008-05-11 01:12:35 UTC - RP111 - Device Driver Package Install: Symantec Network Service

-- First Restore Point --
1: 2008-05-09 04:00:19 UTC - RP101 - Scheduled Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Steve.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:27 PM, on 5/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Users\Steve\Desktop\dss.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Steve.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {F1AC0C77-606E-4A6E-B377-D31E5DAC9E0F} - C:\Users\Steve\AppData\Local\Temp\yaYsRhGX.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BM6da55368] Rundll32.exe "C:\Windows\system32\pwavdgeh.dll",s
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8525 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080515-211242-212 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Steve\AppData\Local\Temp\yaYsRhGX.dll,c
backup-20080515-211242-421 O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
backup-20080515-211242-432 O2 - BHO: {b4e5c276-a9d8-880a-4794-47423e9308db} - {bd8039e3-2474-4974-a088-8d9a672c5e4b} - C:\Windows\system32\flttugpg.dll (file missing)
backup-20080515-211242-515 O2 - BHO: (no name) - {29360568-19FB-48F0-B295-C9DC73C7C4B6} - (no file)
backup-20080515-211242-607 O4 - HKCU\..\Run: [BM6da55368] Rundll32.exe "C:\Users\Steve\AppData\Local\Temp\jekvodjw.dll",s

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 MDFSYSNT (MacDrive file system driver) - c:\windows\system32\drivers\mdfsysnt.sys
R0 MDPMGRNT - c:\windows\system32\drivers\mdpmgrnt.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe"
R2 MacDriveService - "c:\program files\mediafour\macdrive 7\macdriveservice.exe"
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_9015104D&REV_00\4&32B6E616&0&3AF0
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_9015104D&REV_00\4&32B6E616&0&3AF0
Service:

-- Scheduled Tasks -------------------------------------------------------------

2008-05-12 23:08:11 480 --a------ C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - Steve.job

-- Files created between 2008-04-15 and 2008-05-15 -----------------------------

2008-05-15 21:03:45 125952 --a------ C:\Windows\system32\pwavdgeh.dll
2008-05-14 21:56:39 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-13 22:25:36 0 d-------- C:\Program Files\Trend Micro
2008-05-11 03:31:37 125440 --a------ C:\Windows\system32\ifkwwcgn.dll
2008-05-10 21:12:07 0 d-------- C:\Program Files\Norton AntiVirus
2008-05-10 15:24:51 0 d-------- C:\Users\All Users\Mediafour
2008-05-10 15:24:51 0 d-------- C:\Program Files\Common Files\Mediafour
2008-05-10 14:08:06 0 d-------- C:\Program Files\Mediafour
2008-05-10 14:02:33 0 d-------- C:\Windows\system32\appmgmt
2008-04-28 21:20:57 0 d-------- C:\Users\All Users\Office Genuine Advantage
2008-04-28 21:02:49 0 d-------- C:\Program Files\Apple Software Update

-- Find3M Report ---------------------------------------------------------------

2008-05-14 21:58:11 0 d-------- C:\Users\Steve\AppData\Roaming\Mozilla
2008-05-14 18:53:29 0 d-------- C:\Program Files\Windows Mail
2008-05-10 21:53:51 0 d-------- C:\Users\Steve\AppData\Roaming\LimeWire
2008-05-10 21:38:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-10 21:18:23 0 d-------- C:\Program Files\Common Files
2008-05-10 21:15:02 0 d-------- C:\Program Files\Symantec
2008-04-28 21:03:52 0 d-------- C:\Program Files\Safari
2008-04-11 17:23:54 38400 --a------ C:\Windows\system32\SoundSchemes.exe
2008-04-07 03:24:02 0 d-------- C:\Users\Steve\AppData\Roaming\iSerial Reader
2008-04-07 01:03:09 174 --ahs---- C:\Program Files\desktop.ini
2008-04-07 00:51:22 0 d-------- C:\Program Files\Windows Sidebar
2008-04-07 00:51:22 0 d-------- C:\Program Files\Windows Calendar
2008-04-07 00:51:22 0 d-------- C:\Program Files\Movie Maker
2008-04-07 00:51:19 0 d-------- C:\Program Files\Windows Collaboration
2008-04-07 00:51:18 0 d-------- C:\Program Files\Windows Journal
2008-04-07 00:51:17 0 d-------- C:\Program Files\Windows Photo Gallery
2008-04-07 00:51:11 0 d-------- C:\Program Files\Windows Defender
2008-04-06 19:31:17 0 d-------- C:\Program Files\Soulseek
2008-04-06 02:37:37 0 d-------- C:\Program Files\iTunes
2008-04-06 02:37:32 0 d-------- C:\Program Files\iPod
2008-04-06 02:35:15 0 d-------- C:\Program Files\QuickTime
2008-04-05 14:05:29 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-04 18:22:51 0 d-------- C:\Users\Steve\AppData\Roaming\acccore
2008-04-04 18:22:22 0 d-------- C:\Program Files\AIM6
2008-04-04 18:19:50 0 d-------- C:\Program Files\Common Files\AOL
2008-04-04 14:42:27 0 d-------- C:\Program Files\MixMeister
2008-04-04 02:24:43 0 d-------- C:\Users\Steve\AppData\Roaming\Talkback
2008-04-03 00:21:33 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-02 22:39:49 0 d-------- C:\Users\Steve\AppData\Roaming\Apple Computer
2008-04-02 20:09:03 0 d-------- C:\Program Files\MixMeister Fusion
2008-04-01 00:55:43 0 d-------- C:\Program Files\Synaptics
2008-03-31 23:27:47 0 d-------- C:\Users\Steve\AppData\Roaming\OPHD
2008-03-31 23:17:18 171136 -rahs---- C:\grldr
2008-03-31 23:13:09 0 d-------- C:\Users\Steve\AppData\Roaming\WinRAR
2008-03-31 21:53:51 0 d-------- C:\Program Files\Intel
2008-03-31 19:36:13 0 d-------- C:\Users\Steve\AppData\Roaming\Adobe
2008-03-31 19:31:48 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-31 18:35:54 0 d-------- C:\Program Files\BitLocker
2008-03-31 15:09:33 0 d-------- C:\Users\Steve\AppData\Roaming\Symantec
2008-03-30 21:45:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-30 21:45:02 0 d-------- C:\Users\Steve\AppData\Roaming\InstallShield
2008-03-30 21:29:21 0 d-------- C:\Program Files\Java
2008-03-30 21:14:07 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-30 21:13:39 0 d-------- C:\Program Files\MSXML 4.0
2008-03-30 20:42:29 0 d-------- C:\Program Files\Microsoft Works
2008-03-30 20:41:34 0 d-------- C:\Program Files\MSBuild
2008-03-30 20:39:52 0 d-------- C:\Users\Steve\AppData\Roaming\MixMeister Technology
2008-03-30 20:39:24 0 d-------- C:\Program Files\Microsoft.NET
2008-03-30 20:36:28 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-30 20:14:38 0 d-------- C:\Program Files\NeroInstall.bak
2008-03-30 20:12:42 0 d-------- C:\Users\Steve\AppData\Roaming\Nero
2008-03-30 20:11:27 0 d-------- C:\Program Files\Common Files\Nero
2008-03-30 20:09:49 0 d-------- C:\Program Files\Nero
2008-03-30 19:49:37 0 d-------- C:\Program Files\MixMeister BPM Analyzer
2008-03-30 19:47:35 0 d-------- C:\Users\Steve\AppData\Roaming\Macromedia
2008-03-30 19:26:11 0 d-------- C:\Program Files\Filetopia3
2008-03-30 18:56:36 0 d-------- C:\Program Files\Bonjour
2008-03-30 18:53:45 0 d-------- C:\Program Files\Common Files\Apple
2008-03-30 18:51:07 0 d-------- C:\Program Files\LimeWire
2008-03-30 18:50:14 0 d-------- C:\Program Files\Common Files\Java
2008-03-29 20:22:17 0 d-------- C:\Program Files\Microsoft Games
2008-03-29 17:29:02 0 d-------- C:\Program Files\Sony
2008-03-29 17:19:46 0 d-------- C:\Users\Steve\AppData\Roaming\Identities

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
05/10/2008 09:18 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1AC0C77-606E-4A6E-B377-D31E5DAC9E0F}]
05/10/2008 03:28 PM 372736 --a------ C:\Users\Steve\AppData\Local\Temp\yaYsRhGX.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 03:38 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [02/28/2008 01:04 PM]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [02/28/2008 01:03 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/03/2007 01:26 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/11/2008 08:13 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/11/2008 08:13 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [02/11/2008 08:13 PM]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe" [07/12/2007 10:57 AM]
"MDGetStarted.exe"="C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" [06/13/2007 01:23 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 09:47 PM]
"BM6da55368"="C:\Windows\system32\pwavdgeh.dll" [05/15/2008 09:03 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/19/2008 03:33 AM]
"Aim6"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 03:33 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5C060FE2-B3CA-47DD-B68E-BD1A6E297226}"= C:\Windows\system32\ddcaAPFx.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Users\Steve\AppData\Local\Temp\yaYsRhGX

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
GPSvcGroup GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8fe6613-045e-11dd-a24a-0013a9f08e31}]
AutoRun\command- E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b98e15ea-215b-11dd-8078-0013a9f08e31}]
AutoRun\command- F:\PortableVault.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8381 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-05-15 21:24:29 ------------