Newbie here. Please Help me with dss.exe log info....



#1
MrKrinkle

Hello to anyone that can help me. This is my first DSS scan and I do not have
any knowledge of how to decipher what it means. Can you please look it over
and let me know if I have anything I need to fix.

Thanks in advance!

Neal


DSS MAIN.TXT

Deckard's System Scanner v20071014.68
Run by larry on 2008-04-13 22:05:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2008-04-14 03:05:08 UTC - RP21 - Deckard's System Scanner Restore Point
20: 2008-04-14 02:47:50 UTC - RP20 - Revo Uninstaller's restore point - AMUST Registry Cleaner
19: 2008-04-14 02:36:00 UTC - RP19 - Removed SUPERAntiSpyware Professional
18: 2008-04-14 02:35:44 UTC - RP18 - Revo Uninstaller's restore point - SUPERAntiSpyware Professional
17: 2008-04-14 02:34:06 UTC - RP17 - Revo Uninstaller's restore point - HijackThis 2.0.2


-- First Restore Point --
1: 2008-04-12 18:38:43 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-13 22:08:23
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\larry\Desktop\tempdownload\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://home.microsof...search.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Protocols] updr32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update Protocols] updr32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: https://listen.com (HKCU)
O15 - Trusted Zone: https://llnwd (HKCU)
O15 - Trusted Zone: https://download.ptc.com (HKCU)
O15 - Trusted Zone: https://www.ptc.com (HKCU)
O15 - Trusted Zone: https://real.com (HKCU)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.micros...cs/i386/fhg.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.micro...b?1097469232250
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124308411578
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...h/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} () - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} () - https://www-secure.s.../ActiveData.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe


--
End of file - 12083 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" %*
.txt - unable to read key
.txt - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 ISODrive (ISO CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 DS1410D - c:\windows\system32\drivers\ds1410d.sys
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 Vcs (Vcs support) - c:\windows\system32\drivers\vcs.sys
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
S3 aeaudio - c:\windows\system32\drivers\aeaudio.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 LUMDriver - c:\windows\system32\drivers\lumdriver.sys <Not Verified; IBM; LUM application>
S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; Politecnico di Torino; NPF Driver>
S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S2 PavPrSrv (Panda Process Protection Service) -
S2 SfCtlCom (Trend Micro Central Control Component) -
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 GrooveInstallerService (Groove Installer Service) - c:\program files\groove networks\groove\bin\grooveinstallerservice.exe <Not Verified; Groove Networks, Inc.; Installer Service Module>
S3 TmPfw (Trend Micro Personal Firewall) -
S3 tmproxy (Trend Micro Proxy Service) -
S4 NMIndexingService -
S4 Norman ZANDA -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0
Service:

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_SCSIVAX&PROD_DVD/CD-ROM&REV_2.7A\2&82095AC&0&000
Manufacturer: (Standard CD-ROM drives)
Name: SCSIVAX DVD/CD-ROM SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_SCSIVAX&PROD_DVD/CD-ROM&REV_2.7A\2&82095AC&0&000
Service: cdrom


-- Scheduled Tasks -------------------------------------------------------------

2008-04-13 22:00:00 486 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-04-12 01:23:21 560 --a------ C:\WINDOWS\Tasks\larry scan and fix.job
2008-04-12 01:02:56 550 --a------ C:\WINDOWS\Tasks\larry backup.job
2008-04-09 22:44:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-13 and 2008-04-13 -----------------------------

2008-04-13 21:43:33 0 d-------- C:\Program Files\Avant Browser
2008-04-12 14:06:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-04-12 14:06:20 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-12 14:01:26 0 d-------- C:\Program Files\Roxio
2008-04-12 13:27:05 0 d-------- C:\WINDOWS\Prefetch
2008-04-12 12:21:25 0 d-------- C:\Program Files\msn gaming zone
2008-04-12 12:20:30 0 --a------ C:\AUTOEXEC.BAT
2008-04-12 11:45:34 0 d-------- C:\WINDOWS\setup.pss
2008-04-12 06:48:51 0 d-------- C:\WINDOWS\dell
2008-04-11 13:11:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-11 12:55:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-11 12:50:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-10 22:25:50 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-08 15:49:19 0 dr-h----- C:\Documents and Settings\larry\Recent
2008-04-05 21:11:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-05 21:01:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2008-04-02 17:50:52 0 d-------- C:\PROEPICTURES
2008-04-02 12:57:37 0 d-------- C:\Program Files\Right Hemisphere
2008-04-02 12:27:23 0 d-------- C:\proetutorials
2008-03-31 18:16:23 0 d-------- C:\Program Files\ptc_distributed_services
2008-03-31 15:48:19 0 d-------- C:\WILDFIRE4.0STARTUPDIR
2008-03-31 15:46:26 0 d-------- C:\WILDFIRE4.0LICENCE
2008-03-29 14:00:31 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-29 12:40:52 0 d-------- C:\Documents and Settings\larry\Application Data\TuneUp Software
2008-03-28 10:18:00 0 d-------- C:\C4D_TEST_RENDERS
2008-03-28 10:17:06 0 d-------- C:\C4D_TESTPROJECTS
2008-03-28 08:05:47 0 d-------- C:\Program Files\QuickTime
2008-03-27 10:56:15 53248 --a------ C:\WINDOWS\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2008-03-27 10:56:15 22528 --a------ C:\WINDOWS\system32\wnaspi32.DLL <Not Verified; Adaptec; EZ-SCSI>
2008-03-27 10:56:15 85504 --a------ C:\WINDOWS\system32\HTMLWH.DLL <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2008-03-27 10:55:16 0 d-------- C:\Program Files\polytrans
2008-03-26 22:27:02 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-26 22:27:02 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-26 22:27:02 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-26 22:27:02 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-26 22:27:02 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-26 22:27:02 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-26 22:27:02 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-26 22:11:12 0 d-------- C:\Documents and Settings\larry\Application Data\polytrans
2008-03-26 21:25:25 0 d-------- C:\Program Files\cebas
2008-03-26 19:14:33 0 d-------- C:\Program Files\CINEMA 4D R10
2008-03-26 17:32:37 0 d-------- C:\Documents and Settings\larry\Application Data\Malwarebytes
2008-03-26 17:32:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-26 17:32:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-26 17:32:08 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-26 16:33:45 3850 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-26 13:42:46 0 d-------- C:\3DCAD&RENDERING
2008-03-26 12:43:01 2304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-03-26 12:43:01 15840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-03-25 21:17:09 0 d-------- C:\Program Files\Apple Software Update
2008-03-25 19:58:19 264704 --a------ C:\WINDOWS\system32\hlvdd.dll <Not Verified; Aladdin Knowledge Systems; Hardlock Win32 DLL>
2008-03-25 19:58:19 6656 --a------ C:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2008-03-25 19:58:19 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-03-25 19:58:19 47616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
2008-03-25 19:58:10 20032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>
2008-03-25 19:58:00 0 d-------- C:\WINDOWS\system32\RNBOSENT
2008-03-25 19:57:55 7328 --a------ C:\WINDOWS\system32\drivers\ds1410d.sys
2008-03-25 19:57:52 0 d-------- C:\Program Files\GLOBEtrotter Software Inc
2008-03-25 19:46:02 0 d-------- C:\FLEXLM
2008-03-24 11:03:00 0 d-------- C:\Program Files\Motion Technologies
2008-03-23 00:22:59 0 d-------- C:\Documents and Settings\larry\Application Data\atitray
2008-03-23 00:22:01 0 d-------- C:\Program Files\Ray Adams
2008-03-22 12:55:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-22 12:18:15 0 d-------- C:\PROEPROJECTS
2008-03-22 10:26:11 0 d-------- C:\Documents and Settings\larry\Application Data\Earthsim
2008-03-21 12:32:06 4096 --a------ C:\WINDOWS\system32\crash
2008-03-21 10:55:10 0 d-------- C:\Documents and Settings\larry\Application Data\ATI
2008-03-21 10:55:10 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-03-21 10:51:37 0 d-------- C:\Program Files\Steam
2008-03-21 10:48:06 593920 --a------ C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-03-21 10:47:02 0 d-------- C:\Program Files\ATI Technologies
2008-03-21 10:46:00 0 d-------- C:\ATI
2008-03-20 22:33:51 0 d-------- C:\3DMARK06
2008-03-20 20:42:24 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-20 03:03:59 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2008-03-20 03:03:59 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2008-03-20 03:03:44 0 d-------- C:\Program Files\Sygate
2008-03-20 02:21:21 192512 --a------ C:\WINDOWS\system32\kdfvmgr.exe <Not Verified; ??????; ?????? KdfVMgr>
2008-03-20 02:21:21 53248 --a------ C:\WINDOWS\system32\Kdfhok.dll <Not Verified; Kings Information & Network; Kings kdfhok>
2008-03-20 02:21:21 77824 --a------ C:\WINDOWS\system32\kdfapi.dll <Not Verified; Kings Information & Network; lab kdfapi>
2008-03-20 02:21:20 0 d-------- C:\WINDOWS\kdefense
2008-03-20 02:21:19 846336 --a------ C:\WINDOWS\system32\kdfinj.dll <Not Verified; Bluegem Security; LocalSSL kdfinj Library>
2008-03-20 01:06:32 0 d-------- C:\WINDOWS\LocalSSL
2008-03-19 23:40:26 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-03-19 23:40:26 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-03-19 23:40:26 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-03-19 23:40:24 0 d-------- C:\Program Files\Trojan Remover
2008-03-19 23:40:24 0 d-------- C:\Documents and Settings\larry\Application Data\Simply Super Software
2008-03-19 23:40:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-03-18 21:27:27 0 d-------- C:\Program Files\Common Files\McNeel Shared
2008-03-18 21:25:46 0 d-------- C:\Program Files\Rhinoceros 4.0
2008-03-17 17:05:12 0 d-------- C:\Program Files\SafeNet Sentinel
2008-03-17 17:05:11 0 d-------- C:\Program Files\Common Files\SafeNet Sentinel
2008-03-17 17:03:31 0 d-------- C:\Program Files\NewTek
2008-03-16 12:35:30 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-03-16 12:34:18 0 d-------- C:\Documents and Settings\larry\Application Data\GRETECH
2008-03-16 12:33:53 0 d-------- C:\Program Files\GRETECH
2008-03-13 14:12:30 3972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-03-13 14:12:30 5632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys <Not Verified; EnTech Taiwan; EnTech.sys>
2008-03-13 14:12:30 21664 --a------ C:\WINDOWS\system32\drivers\Entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
2008-03-13 14:12:29 0 d-------- C:\WINDOWS\system32\Futuremark
2008-03-13 14:08:55 0 d-------- C:\Program Files\Futuremark


-- Find3M Report ---------------------------------------------------------------

2008-04-13 21:36:14 0 d-------- C:\Documents and Settings\larry\Application Data\SUPERAntiSpyware.com
2008-04-13 21:36:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 21:35:22 0 d-------- C:\Program Files\Trend Micro
2008-04-13 21:15:17 0 d-------- C:\Documents and Settings\larry\Application Data\Azureus
2008-04-13 17:00:35 0 d-------- C:\Program Files\Common Files
2008-04-13 00:03:01 0 d-------- C:\Program Files\PokerStars
2008-04-12 14:02:28 0 d-------- C:\Documents and Settings\larry\Application Data\Sonic
2008-04-12 12:17:58 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-12 09:59:46 0 d-------- C:\Documents and Settings\larry\Application Data\Vso
2008-04-12 09:59:43 668 --a------ C:\Documents and Settings\larry\Application Data\vso_ts_preview.xml
2008-04-11 12:54:02 0 d-------- C:\Program Files\Windows NT
2008-04-10 21:27:01 0 d-------- C:\Program Files\Java
2008-04-09 07:49:28 0 d-------- C:\Program Files\Opera
2008-04-04 17:54:17 0 d-------- C:\Documents and Settings\larry\Application Data\Microgaming
2008-04-02 07:54:01 0 d-------- C:\Program Files\Pixologic
2008-04-01 23:05:50 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-01 23:05:48 0 d-------- C:\Program Files\Common Files\Alias Shared
2008-04-01 23:03:39 0 d-------- C:\Program Files\Autodesk
2008-04-01 22:49:00 0 d-------- C:\Program Files\Bunkspeed
2008-03-31 18:14:34 0 d-------- C:\Program Files\proeWildfire 4.0
2008-03-26 16:24:30 0 d-------- C:\Program Files\ewido anti-malware
2008-03-26 12:42:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-25 09:16:45 0 d-------- C:\Program Files\TechSmith
2008-03-24 20:27:25 0 d-------- C:\Program Files\Virtual Mechanics
2008-03-23 11:24:46 90088 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-22 20:13:42 0 d-------- C:\Program Files\SoundSpectrum
2008-03-22 20:12:18 0 d-------- C:\Program Files\Microsoft Works
2008-03-22 19:23:26 39696 --a------ C:\Documents and Settings\larry\Application Data\wklnhst.dat
2008-03-22 16:30:29 0 d-------- C:\Program Files\Atari
2008-03-22 12:55:48 0 d-------- C:\Program Files\Bonjour
2008-03-22 10:44:34 0 d-------- C:\Program Files\Auslogics
2008-03-22 00:30:01 0 d-------- C:\Program Files\Google
2008-03-21 23:55:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-21 23:31:21 0 d-------- C:\Documents and Settings\larry\Application Data\Adobe
2008-03-21 11:16:38 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-03-21 01:18:31 0 d-------- C:\Program Files\Shockwave.com
2008-03-20 10:29:35 0 d-------- C:\Program Files\RootKit Hook Analyzer
2008-03-20 02:12:17 0 d-------- C:\Program Files\Alwil Software
2008-03-16 00:38:08 0 d-------- C:\Documents and Settings\larry\Application Data\Bioshock
2008-03-15 12:58:31 0 d-------- C:\Program Files\PowerISO
2008-03-14 11:56:25 0 d-------- C:\Documents and Settings\larry\Application Data\SoundSpectrum
2008-03-13 03:03:24 0 d-------- C:\Program Files\Azureus
2008-03-12 23:19:56 0 d-------- C:\Documents and Settings\larry\Application Data\Auslogics
2008-03-12 22:17:48 0 d-------- C:\Program Files\ToniArts
2008-03-11 00:02:17 0 d-------- C:\Program Files\Lavalys
2008-03-10 19:06:27 0 d-------- C:\Program Files\Bethesda Softworks
2008-03-09 18:26:14 0 d-------- C:\Program Files\HP
2008-03-07 23:07:06 0 d-------- C:\Program Files\ptchelpWildfire 4.0
2008-03-03 15:44:04 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-03 08:47:59 0 d-------- C:\Program Files\Moffsoft FreeCalc
2008-02-26 23:01:21 0 d-------- C:\Program Files\FreeRIP3
2008-02-21 00:29:31 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-20 19:53:37 0 d-------- C:\Documents and Settings\larry\Application Data\Ahead
2008-02-20 18:49:43 0 d-------- C:\Program Files\Common Files\LightScribe
2008-02-20 18:40:35 0 d-------- C:\Program Files\Nero
2008-02-20 15:23:21 0 d-------- C:\Program Files\bobyte
2008-02-19 01:34:01 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-02-19 01:12:25 0 d-------- C:\Program Files\Paradox Interactive
2008-02-18 22:08:55 0 d-------- C:\Program Files\OpenAL
2008-02-14 05:13:33 0 d-------- C:\Program Files\Picasa2
2008-02-13 02:54:37 0 d-------- C:\Program Files\flexlm
2008-02-08 22:19:35 36 -rah----- C:\WINDOWS\sued.dat
2008-02-02 16:05:39 34 --a------ C:\Documents and Settings\larry\Application Data\pcouffin.log
2008-02-02 16:03:22 47360 --a------ C:\Documents and Settings\larry\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-02 16:03:22 1144 --a------ C:\Documents and Settings\larry\Application Data\pcouffin.inf
2008-02-02 16:03:22 7887 --a------ C:\Documents and Settings\larry\Application Data\pcouffin.cat
2008-01-18 11:49:14 137 --a------ C:\WINDOWS\system32\DeleteOcx.cmd


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [04/13/2008 04:35 PM]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [10/15/2004 07:40 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 02:42 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update Protocols"=updr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtqr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^4 Warn Alert.lnk]
backup=C:\WINDOWS\pss\4 Warn Alert.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^larry^Start Menu^Programs^Startup^Installation Monitor.lnk]
backup=C:\WINDOWS\pss\Installation Monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Protocols]
updr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle Professional]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCDEmuApp.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Update Protocols"=updr32.exe




-- End of Deckard's System Scanner: finished at 2008-04-13 22:09:47



DSS EXTRA.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.06GHz
CPU 1: Intel® Pentium® 4 CPU 3.06GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 2046.98 MiB / 1546.02 MiB
Pagefile Memory (total/avail): 3942.74 MiB / 3667.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.18 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.5 GiB total, 27.64 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.5 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.5 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AV: Trend Micro Internet Security Pro v16.00.1679 () Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\trlrm\\RMHSvc.exe"="C:\\WINDOWS\\trlrm\\RMHSvc.exe:*:Enabled:RMHSvc.exe"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe"="C:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe:*:Enabled:American McGee's Alice"
"C:\\Program Files\\Global Star Software\\Luxury Liner Tycoon\\Cruise.exe"="C:\\Program Files\\Global Star Software\\Luxury Liner Tycoon\\Cruise.exe:*:Enabled:Main Executable"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe"="C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe:*:Disabled:iMesh 5"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Disabled:Kazaa"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Disabled:BF1942"
"C:\\Program Files\\EA GAMES\\Battlefield 1942 Secret Weapons of WWII Demo\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942 Secret Weapons of WWII Demo\\BF1942.exe:*:Disabled:BF1942"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat:*:Disabled:The Battle for Middle-earth ™"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\Common Files\\4 Warn Alert\\TrueWeather.exe"="C:\\Program Files\\Common Files\\4 Warn Alert\\TrueWeather.exe:*:Enabled:TrueWeather"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\Infogrames Interactive\\Monopoly\\Monopoly.exe"="C:\\Program Files\\Infogrames Interactive\\Monopoly\\Monopoly.exe:*:Enabled:Monopoly"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc12EA_tmp.exe"="C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc12EA_tmp.exe:*:Enabled:ptc12EA_tmp"
"C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc133A_tmp.exe"="C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc133A_tmp.exe:*:Enabled:ptc133A_tmp"
"C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc1370_tmp.exe"="C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc1370_tmp.exe:*:Enabled:ptc1370_tmp"
"C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc1378_tmp.exe"="C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc1378_tmp.exe:*:Enabled:ptc1378_tmp"
"C:\\Program Files\\proeWildfire\\i486_nt\\nms\\nmsd.exe"="C:\\Program Files\\proeWildfire\\i486_nt\\nms\\nmsd.exe:*:Enabled:nmsd"
"C:\\Program Files\\proeWildfire\\i486_nt\\obj\\pro_comm_msg.exe"="C:\\Program Files\\proeWildfire\\i486_nt\\obj\\pro_comm_msg.exe:*:Enabled:pro_comm_msg"
"C:\\Program Files\\proeWildfire\\i486_nt\\obj\\xtop.exe"="C:\\Program Files\\proeWildfire\\i486_nt\\obj\\xtop.exe:*:Enabled:xtop"
"C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc13AF_tmp.exe"="C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc13AF_tmp.exe:*:Enabled:ptc13AF_tmp"
"C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc13B4_tmp.exe"="C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc13B4_tmp.exe:*:Enabled:ptc13B4_tmp"
"C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc141F_tmp.exe"="C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc141F_tmp.exe:*:Disabled:ptc141F_tmp"
"C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc1430_tmp.exe"="C:\\Documents and Settings\\larry\\Local Settings\\Temp\\ptc1430_tmp.exe:*:Disabled:ptc1430_tmp"
"C:\\Program Files\\PTC Collaboration Tools\\i486_nt\\nms\\nmsd.exe"="C:\\Program Files\\PTC Collaboration Tools\\i486_nt\\nms\\nmsd.exe:*:Disabled:nmsd"
"C:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe"="C:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe:*:Enabled:CivCity Rome"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"="C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe:*:Enabled:Active Virus Shield"
"C:\\Program Files\\proeWildfire 3.0\\i486_nt\\nms\\nmsd.exe"="C:\\Program Files\\proeWildfire 3.0\\i486_nt\\nms\\nmsd.exe:*:Enabled:nmsd"
"C:\\Program Files\\proeWildfire 3.0\\i486_nt\\obj\\pro_comm_msg.exe"="C:\\Program Files\\proeWildfire 3.0\\i486_nt\\obj\\pro_comm_msg.exe:*:Enabled:pro_comm_msg"
"C:\\Program Files\\proeWildfire 3.0\\i486_nt\\obj\\xtop.exe"="C:\\Program Files\\proeWildfire 3.0\\i486_nt\\obj\\xtop.exe:*:Enabled:xtop"
"C:\\Program Files\\proeWildfire 3.0\\bin\\proe.exe"="C:\\Program Files\\proeWildfire 3.0\\bin\\proe.exe:*:Enabled:Pro/ENGINEER"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\trlrm\\RMHSvc.exe"="C:\\WINDOWS\\trlrm\\RMHSvc.exe:*:Enabled:RMHSv

Edited by MrKrinkle, 13 April 2008 - 09:53 PM.
