Deckard's System Scanner v20071014.68
Run by user on 2008-05-31 14:11:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-05-31 18:12:01 UTC - RP18 - Deckard's System Scanner Restore Point
2: 2008-05-31 02:05:58 UTC - RP17 - System Checkpoint
1: 2008-05-29 10:40:00 UTC - RP16 - Comodo Backup


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:16, on 2008-05-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Hypersight\hypersight.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\My Downloads\dss.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\DOCUME~1\user\Desktop\user.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Hypersight] C:\Program Files\Hypersight\hypersight.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193295166187
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: TosBtNP - C:\WINDOWS\SYSTEM32\TosBtNP.dll
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: WYEOJWPVO - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\WYEOJWPVO.exe (file missing)

--
End of file - 10214 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].txt - txtfile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE %1[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 kernel (Hypersight Kernel) - c:\windows\system32\drivers\kernel.sys <Not Verified; ; Hypersight Rootkit Detector>
R0 TVALZ (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalz.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Common Modules>
R1 TMEI3E - c:\windows\system32\drivers\tmei3e.sys <Not Verified; Toshiba Corporation; Toshiba Mobile Extension>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 FdRedir - c:\program files\common files\protector suite ql\drivers\fdredir.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 FileDisk2 (FileDisk Protector Kernel Driver) - c:\program files\common files\protector suite ql\drivers\filedisk.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 smihlp (SMI helper driver) - c:\program files\protector suite ql\smihlp.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 TEchoCan (Toshiba Audio Effect) - c:\windows\system32\drivers\techocan.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Mic Effect>
R3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>

S3 GoProto (GoProto Protocol Driver) - c:\windows\system32\drivers\goprot51.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20050901.036\symidsco.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 Tmesbs (Tmesbs32) - "c:\program files\toshiba\tme3\tmesbs32.exe" /service <Not Verified; TOSHIBA Corporation; TOSHIBA Mobile Extension Slim Select Bay Service>
R2 Tmesrv (Tmesrv3) - "c:\program files\toshiba\tme3\tmesrv31.exe" /service <Not Verified; TOSHIBA; TOSHIBA MobileExtension Service>

S2 Thpsrv (TOSHIBA HDD Protection) - c:\windows\system32\thpsrv.exe <Not Verified; TOSHIBA Corporation; TOSHIBA HDD Protection>
S3 WYEOJWPVO - c:\docume~1\user\locals~1\temp\wyeojwpvo.exe (file missing)
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-31 12:00:09       312 --a------ C:\WINDOWS\Tasks\Security Platform Backup Schedule.job
2008-05-31 09:00:00       356 --a------ C:\WINDOWS\Tasks\Clean.job
2008-03-01 02:00:00       354 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-04-30 and 2008-05-31 -----------------------------

2008-05-31 13:18:16      2454 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-31 13:11:36     53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-31 13:08:44     86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-31 13:08:44     82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-31 13:08:43     25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-31 13:08:43    289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-31 13:08:43    288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-31 13:08:43     82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-31 13:08:43     51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-31 10:58:32         0 dr-hs---- C:\cmdcons
2008-05-31 10:58:30         0 d-------- C:\WINDOWS\setup.pss
2008-05-31 10:58:14         0 d-------- C:\WINDOWS\setupupd
2008-05-31 09:24:56     98816 --a------ C:\WINDOWS\sed.exe
2008-05-30 15:43:03     46592 --a------ C:\WINDOWS\system32\drivers\kernel.sys <Not Verified; ; Hypersight Rootkit Detector>
2008-05-30 15:43:03         0 d-------- C:\Program Files\Hypersight
2008-05-30 15:23:25         0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-05-30 15:23:21         0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-05-30 15:15:57         0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-30 14:51:17         0 dr-h----- C:\Documents and Settings\user\Recent
2008-05-30 14:49:57         0 d-------- C:\Program Files\Yahoo!
2008-05-29 19:24:41         0 d-------- C:\Documents and Settings\user\Application Data\McAfee
2008-05-29 14:15:02         0 d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2008-05-29 14:14:57         0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-05-29 14:14:31         0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-29 13:48:45         0 d-------- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-05-29 13:15:42         0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-29 13:00:23         0 d-------- C:\WINDOWS\CSC
2008-05-29 06:37:58         0 d-------- C:\temp_phw
2008-05-28 12:54:46         0 d-------- C:\Security Platform
2008-05-28 12:29:55         0 d-------- C:\Documents and Settings\All Users\Application Data\BOC426
2008-05-28 12:29:47         0 d-------- C:\Program Files\Comodo
2008-05-27 10:16:41         0 d-------- C:\Documents and Settings\All Users\Application Data\Transparent
2008-05-27 10:16:39         0 d-------- C:\Program Files\Transparent
2008-05-24 08:43:04         0 d-------- C:\Documents and Settings\user\Application Data\Logitech
2008-05-24 08:34:23     69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-05-24 08:34:23    110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-05-24 08:34:23    135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-05-24 08:34:23    163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-05-24 08:33:54         0 d-------- C:\Program Files\Common Files\Logitech
2008-05-23 19:25:49         0 d-------- C:\Program Files\Windows Resource Kits
2008-05-23 18:25:00         0 d-------- C:\WINDOWS\system32\Adobe
2008-05-23 09:37:45         0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-23 09:37:45         0 d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-23 09:37:35     21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
2008-05-23 09:36:54         0 d-------- C:\Documents and Settings\Default User\Application Data\Intel
2008-05-23 09:36:54         0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-23 09:36:54         0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-23 09:35:40         0 d-------- C:\Documents and Settings\user\Application Data\Intel
2008-05-23 09:34:34         0 d-------- C:\inteltemp
2008-05-23 09:29:55         0 d-------- C:\TOSHIBA
2008-05-23 09:17:52         0 d-------- C:\HDD Protection.temp
2008-05-23 08:53:00         0 d-------- C:\Documents and Settings\Administrator\Application Data\Infineon
2008-05-23 08:52:59         0 d-------- C:\Documents and Settings\user\Application Data\Infineon
2008-05-23 08:52:59         0 d-------- C:\Documents and Settings\All Users\Application Data\Infineon
2008-05-23 08:51:54         0 d-------- C:\Program Files\Infineon
2008-05-23 08:27:37         0 d-------- C:\tm51v360
2008-05-23 08:18:10         0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-23 08:18:10         0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-05-23 08:14:46         0 d-------- C:\Program Files\IObit
2008-05-23 08:01:30         0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-23 08:01:24         0 d-------- C:\Program Files\SpywareBlaster
2008-05-22 20:40:15         0 d-------- C:\Program Files\ewido anti-spyware 4.0
2008-05-22 15:06:23     68096 --a------ C:\WINDOWS\zip.exe
2008-05-22 15:06:23     49152 --a------ C:\WINDOWS\VFind.exe
2008-05-22 15:06:23    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-22 15:06:23    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-22 15:06:23    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-22 15:06:23     80412 --a------ C:\WINDOWS\grep.exe
2008-05-22 15:06:23     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-22 15:06:23     98816 --a------ C:\WINDOWS\_sed.exe
2008-05-22 13:38:18         0 d-------- C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-05-22 13:38:10         0 d-------- C:\Documents and Settings\user\Application Data\SiteAdvisor
2008-05-22 13:16:46         0 d--h----- C:\Documents and Settings\All Users\Application Data\GTek
2008-05-22 13:16:30         0 d-------- C:\Program Files\Recuva
2008-05-22 13:12:35         0 d-------- C:\Downloads
2008-05-22 13:10:21         0 d-------- C:\Documents and Settings\user\Application Data\Software Informer
2008-05-22 13:10:15         0 d-------- C:\Program Files\Software Informer
2008-05-22 13:10:12         0 d-------- C:\Documents and Settings\user\Application Data\Free Download Manager
2008-05-22 13:10:04         0 d-------- C:\Program Files\Free Download Manager
2008-05-22 13:10:04         0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-05-22 13:01:06         0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-22 12:59:45         0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-22 07:26:28     11254 --a------ C:\WINDOWS\system32\locate.com
2008-05-22 07:24:51         0 d-------- C:\MGtools
2008-05-20 06:51:58       664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-16 14:14:48         0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-13 11:13:50         0 d-------- C:\Program Files\Microsoft Research
2008-05-11 16:20:12         0 d-------- C:\Program Files\CCleaner
2008-05-11 15:58:54         0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-11 14:39:05         0 d-------- C:\Documents and Settings\user\.housecall6.6
2008-05-11 13:36:03         0 d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-05-11 13:35:57         0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-11 13:35:56         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-11 12:50:14         0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 10:53:13         0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-11 10:53:01         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-11 10:53:01         0 d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-05-11 10:49:40   1239551 --a------ C:\MGtools.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-31 13:56:59         0 d-------- C:\Documents and Settings\user\Application Data\Skype
2008-05-29 19:46:06         0 d-------- C:\Documents and Settings\user\Application Data\SI Swimsuit Calendar
2008-05-29 19:42:57         0 d-------- C:\Program Files\SiteAdvisor
2008-05-29 15:03:20         0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-27 10:16:39         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-24 08:36:11         0 d-------- C:\Program Files\Logitech
2008-05-24 08:33:54         0 d-------- C:\Program Files\Common Files
2008-05-23 18:26:18         0 d-------- C:\Documents and Settings\user\Application Data\Adobe
2008-05-22 13:16:54         0 d--h----- C:\Documents and Settings\user\Application Data\GTek
2008-05-22 08:33:23         0 d-------- C:\Program Files\Windows Live
2008-05-22 08:26:43         0 d-------- C:\Program Files\Trackmaker
2008-05-22 08:24:59         0 d-------- C:\Program Files\Google
2008-05-22 08:21:33         0 d-------- C:\Program Files\Toshiba
2008-05-15 14:40:28     36632 --a------ C:\Documents and Settings\user\Application Data\Comma Separated Values (Windows).ADR
2008-05-11 10:52:26         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 09:19:20         0 d-------- C:\Program Files\Plaxo
2008-05-11 09:18:54         0 d-------- C:\Program Files\PC Inspector File Recovery
2008-05-11 09:16:28         0 d-------- C:\Program Files\Runtime Software
2008-05-11 08:10:11         0 d-------- C:\Program Files\ComcastToolbar
2008-05-05 08:14:19         0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-04 18:08:14         0 d-------- C:\Program Files\Recovery
2008-04-22 07:11:26    102262 --a------ C:\WINDOWS\hpoins05.dat
2008-04-21 22:36:11         0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-21 21:16:35         0 d-------- C:\Program Files\HP
2008-04-21 20:22:11         0 d-------- C:\Documents and Settings\user\Application Data\eFax Messenger
2008-04-21 20:13:10         0 --a------ C:\WINDOWS\system32\eFax_4_3_Port
2008-04-18 12:57:29         0 d-------- C:\Program Files\QuickTime
2008-04-18 12:53:35         0 d-------- C:\Program Files\Apple Software Update
2008-04-17 23:05:33         0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-04-17 11:22:50         0 d-------- C:\Program Files\PayPal
2008-04-16 10:14:58         0 d-------- C:\Program Files\HP Photosmart 11
2008-04-11 10:09:45    102364 --a------ C:\WINDOWS\hpqins13.dat
2008-04-02 07:22:14         0 d-------- C:\Program Files\McAfee


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 09:02]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32]
"BOC-426"="C:\PROGRA~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 11:08]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2006-07-24 16:28]
"Hypersight"="C:\Program Files\Hypersight\hypersight.exe" [2008-04-16 01:10]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-16 15:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 07:26]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-21 05:43]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-17 11:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-24 08:46:37]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-24 08:45:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 08:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 05:43 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 
psqlpwd.dll 2005-12-21 14:42 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP] 
TosBtNP.dll 2006-01-28 07:49 61440 C:\WINDOWS\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" -autorun
"fsm"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
"IFXSPMGT"=C:\WINDOWS\system32\IFXSPMGT.exe /NotifyLogon
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
"T-Mobile Connection Manager"="C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
"!ewido"="C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized




-- End of Deckard's System Scanner: finished at 2008-05-31 14:14:42 ------------