Deckard's System Scanner v20071014.68
Run by Dr.Tilak on 2008-07-01 15:33:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.41 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-01 15:34:00
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\ico.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\CA\eTrust Antivirus\Realmon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\iZZi driver\izziReminder.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\iZZi driver\iZZi_UTD_UTU\iBurst_Terminal_UTL.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\utorrent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Skyscape\SmartUpdate.exe
C:\Program Files\skyscape\Desktop\smARTalerts\smARTalerts.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\notepad.exe
C:\Users\Dr.Tilak\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mysklu-dc01:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [izziReminder] C:\Program Files\iZZi driver\izziReminder.exe /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [5698e9fa] rundll32.exe "C:\Windows\system32\gjpujpbu.dll",b
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Startup: iZZi_UTD_UTU.lnk = C:\Program Files\iZZi driver\iZZi_UTD_UTU\iBurst_Terminal_UTL.exe
O4 - Startup: Skyscape SmartUpdate.lnk = C:\Program Files\Common Files\Skyscape\SmartUpdate.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O15 - Trusted Zone: http://hychoo (HKCU)
O15 - Trusted IP Range: http://192.168.19.56 (HKCU)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\System32\IoctlSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\System32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\System32\vmnat.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe

--
End of file - 12023 bytes


-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-06-30 19:38:27         0 d-a------ C:\Users\All Users\TEMP
2008-06-30 13:35:43         0 d-------- C:\Program Files\Lavasoft
2008-06-30 13:35:42         0 d-------- C:\Users\All Users\Lavasoft
2008-06-30 11:51:08         0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-30 11:50:48         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-30 11:50:20         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 03:06:12     68096 --a------ C:\Windows\zip.exe
2008-06-30 03:06:12    161792 --a------ C:\Windows\swreg.exe
2008-06-30 03:06:12     98816 --a------ C:\Windows\sed.exe
2008-06-30 03:06:12     80412 --a------ C:\Windows\grep.exe
2008-06-30 03:06:12     89504 --a------ C:\Windows\fdsv.exe
2008-06-30 03:06:11     49152 --a------ C:\Windows\VFind.exe
2008-06-30 03:06:11    136704 --a------ C:\Windows\swsc.exe
2008-06-30 03:05:35    212480 --a------ C:\Windows\swxcacls.exe
2008-06-29 19:42:21         0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-29 19:32:09         0 d-------- C:\Users\All Users\Nero
2008-06-29 19:32:09         0 d-------- C:\Program Files\Nero
2008-06-29 19:32:08         0 d-------- C:\Program Files\Common Files\Nero
2008-06-26 11:36:59         0 d-------- C:\Program Files\AviSynth 2.5
2008-06-26 11:36:31         0 d-------- C:\Program Files\Avi2Dvd
2008-06-25 15:28:16         0 d-------- C:\Users\All Users\vsosdk
2008-06-24 15:51:08         0 d-------- C:\Program Files\uTorrent
2008-06-24 15:29:29    217127 --a------ C:\Windows\system32\drv43260.dll
2008-06-24 15:29:29    208935 --a------ C:\Windows\system32\drv33260.dll
2008-06-24 15:29:29    176165 --a------ C:\Windows\system32\drv23260.dll
2008-06-24 15:29:29     65602 --a------ C:\Windows\system32\cook3260.dll
2008-06-24 15:29:28    626688 --a------ C:\Windows\system32\vp7vfw.dll
2008-06-24 15:29:27         0 d-------- C:\Program Files\VSO
2008-06-24 14:09:43         0 d-------- C:\Program Files\AC3Filter
2008-06-24 14:01:49         0 d-------- C:\Program Files\VistaCodecPack
2008-06-24 14:01:04         0 d-------- C:\Users\All Users\VistaCodecs
2008-06-23 16:46:05    368912 --a------ C:\Windows\system32\vbar332.dll
2008-06-23 16:46:04         0 d-------- C:\Program Files\EasyDVDConverter
2008-06-23 10:58:22         0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-23 10:58:20         0 d-------- C:\Program Files\DivX
2008-06-23 10:27:41         0 d-------- C:\Users\All Users\DFX
2008-06-23 10:27:40         0 d-------- C:\Program Files\Common Files\DFX
2008-06-23 10:19:30     40960 --a------ C:\Windows\system32\MMAVILNG.exe
2008-06-23 10:19:30         0 d-------- C:\Program Files\Morgan
2008-06-20 10:32:02         0 d-------- C:\Users\All Users\Bomgar-SCC-485B16A2
2008-06-17 14:17:00         0 d-------- C:\Users\All Users\Bomgar-SCC-485756DC
2008-06-16 16:05:44    176235 --a------ C:\Windows\system32\Primomonnt.dll
2008-06-16 16:05:42         0 d-------- C:\Windows\PrimoPDF4
2008-06-16 16:05:42         0 d-------- C:\Program Files\activePDF
2008-06-12 21:45:49         0 d-------- C:\Users\All Users\eMule
2008-06-12 21:45:29         0 d-------- C:\Program Files\eMule
2008-06-12 20:36:38      7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-06-12 19:25:06    966656 --a------ C:\Windows\system32\VSFilter.dll
2008-06-12 11:42:26         0 d-------- C:\Users\All Users\Applications


-- Find3M Report ---------------------------------------------------------------

2008-07-01 15:33:54         0 d-------- C:\Users\Dr.Tilak\AppData\Roaming\uTorrent
2008-07-01 15:27:16         0 d-------- C:\Users\Dr.Tilak\AppData\Roaming\Skype
2008-07-01 15:02:01         0 d-------- C:\Users\Dr.Tilak\AppData\Roaming\skypePM
2008-07-01 14:57:42    229460 --a------ C:\Users\Dr.Tilak\AppData\Roaming\nvModes.dat
2008-07-01 14:57:42    229460 --a------ C:\Users\Dr.Tilak\AppData\Roaming\nvModes.001
2008-07-01 06:37:47         0 d-------- C:\Program Files\Common Files\Skyscape
2008-06-30 14:40:51        12 --a------ C:\Windows\bthservsdp.dat
2008-06-30 11:50:48         0 d-------- C:\Users\Dr.Tilak\AppData\Roaming\SUPERAntiSpyware.com
2008-06-30 11:50:20         0 d-------- C:\Program Files\Common Files
2008-06-29 20:09:21         0 d-------- C:\Program Files\Amazing CD & DVD Burner
2008-06-29 19:37:17         0 d-------- C:\Users\Dr.Tilak\AppData\Roaming\Nero
2008-06-26 17:23:46         0 d-------- C:\Users\Dr.Tilak\AppData\Roaming\VMware
2008-06-25 15:43:01       668 --a------ C:\Users\Dr.Tilak\AppData\Roaming\vso_ts_preview.xml
2008-06-25 15:43:01         0 d-------- C:\Users\Dr.Tilak\AppData\Roaming\Vso
2008-06-24 15:30:20        34 --a------ C:\Users\Dr.Tilak\AppData\Roaming\pcouffin.log
2008-06-24 15:29:33      7887 --a------ C:\Users\Dr.Tilak\AppData\Roaming\pcouffin.cat
2008-06-24 14:44:00         0 d-------- C:\Users\Dr.Tilak\AppData\Roaming\DivX
2008-06-19 14:30:36    724992 --a------ C:\Windows\iun6002.exe
2008-06-16 16:43:33      5644 --a------ C:\Users\Dr.Tilak\AppData\Roaming\PrimoPDFSet.xml
2008-06-16 16:42:38       310 --a------ C:\Users\Dr.Tilak\AppData\Roaming\APUSet.xml
2008-06-13 15:02:46      9370 --a------ C:\Users\Dr.Tilak\AppData\Roaming\Tab Separated Values (Windows).EML
2008-06-13 15:02:46      9352 --a------ C:\Users\Dr.Tilak\AppData\Roaming\Microsoft Excel.EML
2008-06-12 17:05:45         0 d-------- C:\Program Files\Yahoo!
2008-06-11 14:22:34         0 d-------- C:\Program Files\Windows Mail
2008-06-10 13:07:06     38475 --a------ C:\Users\Dr.Tilak\AppData\Roaming\Microsoft Excel.ADR
2008-05-25 12:43:50         0 d-------- C:\Program Files\FPDFC
2008-05-16 18:17:20         0 d-------- C:\Program Files\skyscape
2008-05-07 13:33:27         0 d-------- C:\Program Files\Common Files\VMware
2008-05-07 13:33:23         0 d-------- C:\Program Files\VMware
2008-05-05 15:16:44         0 d-------- C:\Program Files\ABC DVD Copy
2008-05-04 22:33:05         0 d-------- C:\Program Files\AVS4YOU
2008-05-04 22:08:30         0 d-------- C:\Program Files\Common Files\AVSMedia
2008-04-10 15:41:32       174 --ahs---- C:\Program Files\desktop.ini
2008-04-10 14:52:29    152576 --a------ C:\Windows\system32\SPWizUI.dll
2008-04-10 14:40:14      1263 --a------ C:\reset.cmd


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [23/08/2007 09:26 AM]
"PMX Daemon"="ICO.EXE" [08/11/2006 03:01 PM C:\Windows\System32\ico.exe]
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [15/02/2007 05:31 PM]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [08/03/2007 04:43 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [12/02/2007 01:37 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27/07/2004 04:50 PM]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [20/10/2006 05:23 PM]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [06/04/2004 05:14 PM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"tsnp2std"="C:\Windows\tsnp2std.exe" [22/05/2006 10:37 AM]
"snp2std"="C:\Windows\vsnp2std.exe" [15/05/2006 03:52 PM]
"izziReminder"="C:\Program Files\iZZi driver\izziReminder.exe" [26/06/2007 05:11 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [16/04/2007 08:49 PM]
"SigmatelSysTrayApp"="sttray.exe" [17/04/2007 10:02 PM C:\Windows\sttray.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [04/10/2007 09:24 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [04/10/2007 09:24 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [04/10/2007 09:24 PM]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [04/10/2007 09:24 PM]
"Intense Registry Service"="IntEdReg.exe" [10/08/2000 10:32 AM C:\Windows\System32\intedreg.exe]
"5698e9fa"="C:\Windows\system32\gjpujpbu.dll" []
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [18/02/2008 05:29 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [18/01/2008 11:33 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [28/02/2008 06:07 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe"

C:\Users\Dr.Tilak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
iZZi_UTD_UTU.lnk - C:\Program Files\iZZi driver\iZZi_UTD_UTU\iBurst_Terminal_UTL.exe [3/29/2006 3:25:00 AM]
Skyscape SmartUpdate.lnk - C:\Program Files\Common Files\Skyscape\SmartUpdate.exe [6/17/2008 5:33:26 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/23/2007 9:30:33 AM]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [8/23/2007 9:28:49 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"FilterAdministratorToken"=1 (0x1)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0CCB7673-04D5-4DE7-916B-384A3642BAF4}"= C:\Windows\system32\ddcDwWpP.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\Config\csrss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService	nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted	hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork	PLA DPS BFE mpssvc
LocalServiceNetworkRestricted	DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
bthsvcs	BthServ
WindowsMobile	wcescomm rapimgr
LocalServiceRestricted	WcesComm RapiMgr
GPSvcGroup	GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1df635de-664e-11dc-b7f7-001a6b8ad1b3}]
Auto\command- F:\pagefile.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\pagefile.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28a4a650-076c-11dd-ba1b-ecccb8b46851}]
Auto\command- F:\MicrosoftPowerPoint.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49ea95f2-eb1f-11dc-8f2c-c97056e35489}]
Auto\command- pagefile.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{670758cf-1a49-11dd-8508-d5f661c492fe}]
AutoRun\command- F:\loader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d47d5204-6991-11dc-b6a3-001c23909133}]
AutoRun\command- WScript.exe Iexplore.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec087d7b-2c5b-11dd-ad90-942f06cf93f2}]
AutoRun\command- F:\ie.exe
explore\Command- F:\ie.exe
open\Command- F:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3d3a5ac-e5d2-11dc-a9d4-808eb8346552}]
Auto\command- pagefile.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-07-01 15:35:13 ------------
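The log above is a triage exercise: among hundreds of legitimate entries, a handful of lines carry the persistence patterns a responder looks for first (the Winlogon Shell value that launches a second program next to Explorer.exe, a Run value with an 8-hex-digit name loading an 8-letter DLL through rundll32, a ShellExecuteHooks DLL for which DSS could not read a file date or size, cached MountPoints2 autorun handlers from removable drives, and UAC switched off). The script below is an added example, not part of the original post and not code from DSS or HijackThis; it applies those heuristics to lines copied from this log, mixed with benign control lines that must not fire. The thresholds (8 hex digits, 8 lowercase letters with a one-letter export, empty file info) are assumptions chosen for illustration, not vendor signatures, and every hit is a candidate for manual review rather than a verdict.

```python
"""Heuristic triage of HijackThis / Deckard's System Scanner log lines.

Added example: flags persistence patterns of the kind visible in the
log above.  Thresholds are illustrative heuristics (assumption), not
vendor signatures; a hit means "look at this", not "malicious".
"""
import re
from dataclasses import dataclass, field

# Constructed input: lines copied from the DSS log in this post, plus
# three benign controls (NvSvc, SUPERAntiSpyware, SASSEH) that must not fire.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [5698e9fa] rundll32.exe "C:\Windows\system32\gjpujpbu.dll",b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"EnableLUA"=0 (0x0)
"{0CCB7673-04D5-4DE7-916B-384A3642BAF4}"= C:\Windows\system32\ddcDwWpP.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824]
"Shell"="Explorer.exe C:\WINDOWS\Config\csrss.exe"
Auto\command- F:\pagefile.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\pagefile.exe
AutoRun\command- WScript.exe Iexplore.vbs
"""

# F0/F2 lines and the Winlogon "Shell" value in the registry dump.
SHELL_RE = re.compile(r'^(?:F[02] - (?:REG:)?system\.ini: Shell=|"Shell"=")(?P<value>.+?)"?$', re.I)
# O4 Run entries for HKLM, HKCU and per-SID HKUS hives.
RUN_RE = re.compile(r'^O4 - HK\w+(?:\\S-[\d-]+)?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 <path>\<base>.dll,<export>
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?:[^",]*\\)?(?P<base>[A-Za-z]+)\.dll"?(?:,(?P<export>\w*))?', re.I)
# ShellExecuteHooks value as DSS prints it: "{GUID}"= <path> [<file info>]
SEH_RE = re.compile(r'^"\{[0-9A-Fa-f-]{36}\}"= (?P<path>.+?) \[(?P<info>[^\]]*)\]$')
# MountPoints2 handlers cached by Explorer from a volume's autorun.inf.
MP2_RE = re.compile(r'^(?:Auto|AutoRun|open|explore)\\[Cc]ommand- (?P<cmd>.+)$')
LUA_RE = re.compile(r'^"EnableLUA"=0\b')


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def check_line(line: str) -> list:
    """Return the list of reasons a single log line deserves review (empty if none)."""
    reasons = []
    m = SHELL_RE.match(line)
    if m and m.group("value").strip().lower() != "explorer.exe":
        reasons.append(f"Winlogon Shell launches an extra program at logon: {m.group('value')}")
    m = RUN_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        if re.fullmatch(r"[0-9a-f]{8}", name):           # heuristic: machine-generated value name
            reasons.append(f"Run value named with 8 hex digits: [{name}]")
        d = RUNDLL_RE.search(cmd)
        if d and len(d.group("base")) == 8 and d.group("base").islower() \
                and len(d.group("export") or "") <= 1:    # heuristic: random DLL, one-letter export
            reasons.append(f"rundll32 loads 8-letter DLL {d.group('base')}.dll via one-letter export")
    m = SEH_RE.match(line)
    if m and not m.group("info").strip():                  # DSS found no date/size: hidden or missing file
        reasons.append(f"ShellExecuteHooks DLL with no file date/size: {m.group('path')}")
    m = MP2_RE.match(line)
    if m:
        reasons.append(f"MountPoints2 autorun handler cached from a removable volume: {m.group('cmd')}")
    if LUA_RE.match(line):
        reasons.append("UAC disabled (EnableLUA=0): administrator logons run fully elevated")
    return reasons


def triage(log_text: str) -> list:
    """Run check_line over every non-blank line and collect the flagged ones."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = check_line(line)
            if reasons:
                findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Running it prints the eight flagged lines with their reasons; the NVIDIA rundll32 entry, the SUPERAntiSpyware Run value and the SASSEH.DLL hook stay silent because the heuristics key on the shape of the suspicious entries (generated names, unreadable file info, extra Shell program) rather than on rundll32 or ShellExecuteHooks as such. On a live host the same checks would be run against the registry directly, but the log-line form is what a forum helper actually has in hand.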