Deckard's System Scanner v20071014.68
Run by Welcome on 2008-08-09 00:19:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
13: 2008-08-08 18:49:56 UTC - RP231 - Deckard's System Scanner Restore Point
12: 2008-08-08 18:37:40 UTC - RP230 - Printer Driver Nitro PDF Driver 5 Installed
11: 2008-08-08 18:37:17 UTC - RP229 - Printer Driver Nitro PDF Driver 5 Installed
10: 2008-08-08 18:36:55 UTC - RP228 - Printer Driver Nitro PDF Driver 5 Installed
9: 2008-08-06 15:41:44 UTC - RP227 - System Checkpoint

-- First Restore Point --
1: 2008-08-03 09:10:41 UTC - RP219 - Printer Driver Nitro PDF Driver 5 Installed

Backed up registry hives.
Performed disk cleanup.

[color=red]System Drive C: has 0.81 GiB (less than 15%) free.[/color]

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-09 00:24:00
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\eScan\Vista\avpmapp.exe
C:\Program Files\eScan\TRAYSSER.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\eScan\CONSCTL.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\eScan\TRAYICOS.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAGENT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Tally\tallylicserver.exe
C:\Tally\tally72.exe
C:\Documents and Settings\Welcome\Application Data\m\flec006.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\eScan\Vista\escanmon.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Welcome\My Documents\My Completed Downloads\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {61D176B3-4AE0-4521-9107-741BF4E34403} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\PROGRA~1\eScan\LAUNCH.EXE" /startup
O4 - HKLM\..\Run: [mwavscan_autoscan] "C:\PROGRA~1\eScan\mwavscan.com" /s /AUTORUNBOOT
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - (no file)
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://www.zapak.com/games/87/TriJinx.1.0.0.60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} () - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211991369343
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://www.zapak.com/games/332/SandScript.1.0.0.21.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{474274AF-BF53-407F-941A-A876A80E07FD}: NameServer = 61.1.96.69,61.1.96.71
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{FF87A27A-7802-49B4-A223-9638F62C7727}: NameServer = 61.1.96.69,61.1.96.71
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: eScan Monitor Service - MicroWorld Technologies Inc. - C:\Program Files\eScan\Vista\avpmapp.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\Program Files\eScan\TRAYSSER.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Tally License Server (NT) (Tally License Server) - Unknown owner - C:\Tally\tallylicserver.exe
O24 - Desktop Component 0: - http://l.yimg.com/us.js.yimg.com/lib/pim/r/medici/16_11/mail/mailcommonlib.js

--
End of file - 12065 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].reg - regfile - shell\open\command - regedit.exe "%1" %*[/COLOR]
[COLOR=red].scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"[/COLOR]

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys
R3 ProcObsrves (Process Creation Monitor) - c:\program files\escan\procobsrves.sys
S3 slnt (Silan SC92031 PCI Fast Ethernet Adapter) - c:\windows\system32\drivers\slnt.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe
R2 eScan Monitor Service - c:\progra~1\escan\vista\avpmapp.exe
R2 eScan-trayicos (eScan Server-Updater) - c:\progra~1\escan\traysser.exe
R2 MWAgent - c:\program files\common files\microworld\agent\mwaser.exe
R2 Tally License Server (Tally License Server (NT)) - c:\tally\tallylicserver.exe -s
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: System Interrupt Controller
Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Service:

-- Scheduled Tasks -------------------------------------------------------------

2008-08-03 20:00:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-18 00:12:58 346 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1204915249.job

-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-08 23:36:41 0 d-------- C:\Program Files\Trend Micro
2008-08-08 22:50:56 0 d-------- C:\327882R2FWJFW
2008-08-08 22:49:31 0 d-------- C:\Combo-Fix
2008-08-08 22:45:56 68349 --a------ C:\WINDOWS\system32\mdelk.exe
2008-08-08 22:37:47 21312 --a------ C:\WINDOWS\choice.exe
2008-08-08 22:37:26 0 d-------- C:\ie-spyad
2008-08-08 22:24:15 0 dr-h----- C:\Documents and Settings\Welcome\Recent
2008-08-07 23:34:14 0 d-------- C:\Documents and Settings\Welcome\Application Data\Malwarebytes
2008-08-07 23:34:10 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 23:34:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-03 21:33:45 0 d-------- C:\Program Files\CDisplay
2008-08-03 14:45:16 0 d-------- C:\WINDOWS\LastGood.Tmp
2008-08-03 14:26:02 0 d-------- C:\PUB
2008-08-03 14:24:50 136730 --a------ C:\WINDOWS\winsbak2.reg
2008-08-03 14:24:50 14936 --a------ C:\WINDOWS\winsbak.reg
2008-08-03 14:24:49 0 d-------- C:\Documents and Settings\remoteservice\Templates
2008-08-03 14:24:49 0 d-------- C:\Documents and Settings\remoteservice\Start Menu
2008-08-03 14:24:49 0 d-------- C:\Documents and Settings\remoteservice\Favorites
2008-08-03 14:24:49 0 d-------- C:\Documents and Settings\remoteservice\Documents
2008-08-03 14:24:49 0 d-------- C:\Documents and Settings\remoteservice\Desktop
2008-08-03 14:24:49 0 d-------- C:\Documents and Settings\remoteservice\Application Data
2008-08-03 14:24:49 0 d-------- C:\Documents and Settings\LocalService\Templates
2008-08-03 14:24:49 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-08-03 14:24:49 0 d-------- C:\Documents and Settings\LocalService\Favorites
2008-08-03 14:24:49 0 d-------- C:\Documents and Settings\LocalService\Documents
2008-08-03 14:24:49 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-08-03 14:24:48 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-08-03 14:24:47 0 d-------- C:\Program Files\Common Files\MicroWorld
2008-08-03 14:24:20 49152 --a------ C:\WINDOWS\killproc.exe
2008-08-03 14:24:14 509952 --a------ C:\WINDOWS\system32\eInstall.exe
2008-08-03 14:24:13 155648 --a------ C:\WINDOWS\system32\mwnsp.dll
2008-08-03 14:24:13 1540096 --a------ C:\WINDOWS\system32\contfilt.dll
2008-08-03 14:24:12 130560 --a------ C:\WINDOWS\system32\ZIPDLL.DLL
2008-08-03 14:24:12 125440 --a------ C:\WINDOWS\system32\UNZDLL.DLL
2008-08-03 14:24:12 8464 --a------ C:\WINDOWS\system32\sporder.dll
2008-08-03 14:24:12 425984 --a------ C:\WINDOWS\system32\mwtsp.dll
2008-08-03 14:24:12 32768 --a------ C:\WINDOWS\system32\esmxlog.dll
2008-08-03 14:24:12 8192 --a------ C:\WINDOWS\sporder.exe
2008-08-03 14:24:12 8464 --a------ C:\WINDOWS\sporder.dll
2008-08-03 14:24:12 97280 --a------ C:\WINDOWS\inst_tspx.exe
2008-08-03 14:24:12 57344 --a------ C:\WINDOWS\inst_tsp.exe
2008-08-03 14:24:10 0 d-------- C:\WINDOWS\system32\FLCSS.EXE
2008-08-03 14:24:10 0 d-------- C:\WINDOWS\system32\ES_SETUP
2008-08-03 14:24:10 0 d-------- C:\Program Files\eScan
2008-08-03 14:24:10 0 d-------- C:\AVPDOS
2008-07-26 00:10:24 0 d-------- C:\Program Files\mIRC
2008-07-18 23:15:52 0 d-------- C:\Documents and Settings\Welcome\.housecall6.6
2008-07-16 00:39:27 0 d-------- C:\Documents and Settings\Welcome\Application Data\Nitro PDF
2008-07-16 00:37:45 0 d-------- C:\Program Files\Nitro PDF
2008-07-16 00:37:45 0 d-------- C:\Program Files\Common Files\Nitro PDF
2008-07-16 00:37:45 0 d-------- C:\Program Files\Common Files\BCL Technologies
2008-07-16 00:37:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Nitro PDF
2008-07-15 22:56:44 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-15 22:56:20 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-07-15 22:56:17 0 d-------- C:\Program Files\DAP
2008-07-15 21:46:11 0 d-------- C:\pdfedit2
2008-07-15 21:41:14 0 d-------- C:\pdfedit
2008-07-12 23:39:16 30720 --a------ C:\WINDOWS\system32\rrr.EXE
2008-07-12 22:28:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-12 22:22:52 0 d-------- C:\temp
2008-07-12 21:31:58 0 d-------- C:\WINDOWS\system32\Adobe
2008-07-11 21:55:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-11 21:55:55 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

-- Find3M Report ---------------------------------------------------------------

2008-07-26 00:19:16 90876 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-05 23:07:24 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-23 23:54:38 0 d-------- C:\Program Files\TheLearningPit
2008-06-19 23:37:22 0 d-------- C:\Program Files\Ahead
2008-06-19 22:40:52 1220 --a------ C:\WINDOWS\system32\yybdgMoq.ini2
2008-05-22 21:26:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-12 15:23:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61D176B3-4AE0-4521-9107-741BF4E34403}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [09/21/2006 04:36 PM C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [02/06/2007 07:30 AM C:\WINDOWS\system32\S3Trayp.exe]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [05/11/2007 03:47 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/02/2007 02:52 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/24/2008 10:00 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [05/15/2007 03:55 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/15/2007 03:55 PM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [07/15/2008 10:56 PM]
"Nitro PDF Printer Monitor"="C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [07/10/2008 01:59 PM]
"eScan Updater"="C:\PROGRA~1\eScan\TRAYICOS.exe" [07/11/2008 04:35 PM]
"MailScan Dispatcher"="C:\PROGRA~1\eScan\LAUNCH.exe" [07/16/2008 04:10 PM]
"mwavscan_autoscan"="C:\PROGRA~1\eScan\mwavscan.com /s /AUTORUNBOOT" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 12:00 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/13/2008 11:54:58 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\qoMgdbyy

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ade6824-b6e7-11dc-8001-00e0206049c4}]
AutoRun\command- I:\
explore\Command- I:\RECYCLER\autorun.exe -ExploreCurDir
open\Command- I:\RECYCLER\autorun.exe -OpenCurDir

-- End of Deckard's System Scanner: finished at 2008-08-09 00:24:49 ------------