as requested
Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-25 11:58:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; System Restore is disabled (service is not running).
-- Last 5 Restore Point(s) --
6: 2008-04-25 00:58:54 UTC - RP6 - ComboFix created restore point
5: 2008-04-23 12:13:26 UTC - RP5 - Installed Windows Installer KB893803v2.
4: 2008-04-23 11:23:29 UTC - RP4 - Removed Google Earth.
3: 2008-04-22 16:59:11 UTC - RP3 - Installed ErrorSmart
2: 2008-04-22 15:56:29 UTC - RP2 - Unsigned driver install
-- First Restore Point --
1: 2008-04-22 15:48:33 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 448 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-25 11:59:49
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\WinReanimator\WinReanimator.exe
C:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Desktop\dss22.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: (no name) - - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\WinReanimator.exe" /hide
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Service Pack 1] C:\WINDOWS\System32\vedxg6ame4.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Service Pack 1] C:\WINDOWS\System32\vedxg6ame4.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: lDbygiFghaRNwYW - {44A7743A-EE0D-DE90-4441-CB946BE9BCEF} - C:\WINDOWS\system32\kpdfw.dll
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! mail scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! web scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 5866 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 sasdifsv - c:\program files\superantispyware\sasdifsv.sys
R1 saskutil - c:\program files\superantispyware\saskutil.sys
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>
S1 AFS2K - c:\windows\system32\drivers\afs2k.sys
S1 ydhqzop - c:\windows\ydhqzop.sys (file missing)
S3 catchme - c:\docume~1\owner~1.you\locals~1\temp\catchme.sys (file missing)
S3 sasenum - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 uploadmgr (Upload Manager) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROM_NEC_DVD+RW_ND-2100AD___________________1.26____\5&22AC9DF0&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: _NEC DVD+RW ND-2100AD
PNP Device ID: IDE\CDROM_NEC_DVD+RW_ND-2100AD___________________1.26____\5&22AC9DF0&0&0.0.0
Service: cdrom
-- Scheduled Tasks -------------------------------------------------------------
2008-04-22 18:56:41 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-04-22 09:01:33 272 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job
2006-11-04 15:34:18 402 --a------ C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
-- Files created between 2008-03-25 and 2008-04-25 -----------------------------
2008-04-24 21:09:09 0 d-------- C:\Program Files\WinReanimator
2008-04-24 20:54:37 0 d-------- C:\!KillBox
2008-04-24 20:30:59 0 d-------- C:\VundoFix Backups
2008-04-24 20:23:35 17408 --a------ C:\WINDOWS\braviax.exe
2008-04-24 20:10:59 11254 --a------ C:\WINDOWS\System32\locate.com
2008-04-24 20:10:37 0 d-------- C:\MGtools
2008-04-24 19:59:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-24 19:56:37 6656 --a------ C:\WINDOWS\System32\univrs32.dat
2008-04-24 19:55:24 6144 --a------ C:\WINDOWS\System32\cru629.dat
2008-04-24 19:55:24 6144 --a------ C:\WINDOWS\cru629.dat
2008-04-24 19:54:14 206 --a------ C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\delself.bat
2008-04-24 19:54:13 35328 --a------ C:\WINDOWS\System32\drivers\beep.sys
2008-04-24 19:42:02 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Malwarebytes
2008-04-24 19:20:42 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Malwarebytes
2008-04-24 19:20:32 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-24 19:20:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-24 19:19:54 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-24 19:12:42 0 d-------- C:\WinPFind3u
2008-04-24 19:12:01 0 d-------- C:\Rustbfix
2008-04-24 19:11:44 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-04-24 19:11:44 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-24 19:11:44 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-24 19:11:44 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-24 19:11:44 82432 --a------ C:\WINDOWS\System32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-24 19:11:44 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-04-24 19:11:43 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-24 18:51:58 0 d-------- C:\Program Files\Alwil Software
2008-04-24 18:37:19 483328 --a------ C:\WINDOWS\System32\hphmon05.exe <Not Verified; Hewlett-Packard; HP Photosmart>
2008-04-24 18:37:19 52736 --a------ C:\WINDOWS\system\hpsysdrv.exe <Not Verified; Hewlett-Packard Company; hpsysdrv>
2008-04-24 18:15:23 0 dr-h----- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Recent
2008-04-24 18:14:34 0 d-------- C:\Program Files\CCleaner
2008-04-24 18:03:41 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-24 17:58:41 68096 --a------ C:\WINDOWS\zip.exe
2008-04-24 17:58:41 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-24 17:58:41 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-24 17:58:41 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-24 17:58:41 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-24 17:58:41 98816 --a------ C:\WINDOWS\sed.exe
2008-04-24 17:58:41 80412 --a------ C:\WINDOWS\grep.exe
2008-04-24 17:58:41 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-24 17:32:32 10752 --a------ C:\exefix_xp.com <Not Verified; ; ExeFix for Windows® XP>
2008-04-24 17:15:30 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-24 17:15:09 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-24 17:15:08 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\SUPERAntiSpyware.com
2008-04-24 17:14:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-23 05:13:48 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-22 18:56:37 0 d-------- C:\Program Files\Norton Security Scan
2008-04-22 18:38:21 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 18:19:20 0 dr-hs---- C:\cmdcons
2008-04-22 18:18:54 0 d-------- C:\WINDOWS\setupupd
2008-04-22 09:59:33 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\ErrorSmart
2008-04-22 09:52:45 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2008-04-22 08:29:06 208896 --a------ C:\WINDOWS\System32\wmpns.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Player>
2008-04-22 08:27:24 175712 --a------ C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\GDIPFONTCACHEV1.DAT
2008-04-22 08:22:49 184386 --a------ C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\hpdj04 <Not Verified; HP; HP DeskJet>
2008-04-22 08:22:49 184386 --a------ C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\hpdj02 <Not Verified; HP; HP DeskJet>
2008-04-22 08:14:21 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Aim
2008-04-22 08:14:21 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\AdobeUM
2008-04-22 08:14:21 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Adobe
2008-04-22 08:14:20 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\LimeWire
2008-04-22 08:14:20 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Leadertech
2008-04-22 08:14:20 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\j2 Global
2008-04-22 08:14:20 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\InterVideo
2008-04-22 08:14:20 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\interMute
2008-04-22 08:14:20 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Identities
2008-04-22 08:14:20 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\HP
2008-04-22 08:14:20 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Help
2008-04-22 08:14:20 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Google
2008-04-22 08:14:20 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\funkitron
2008-04-22 08:14:20 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\FUJIFILM
2008-04-22 08:14:20 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Earthlink
2008-04-22 08:14:20 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\EarthLink Toolbar
2008-04-22 08:14:20 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Datalayer
2008-04-22 08:14:09 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Macromedia
2008-04-22 08:14:08 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Musicmatch
2008-04-22 08:14:08 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\MSN6
2008-04-22 08:14:08 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Mozilla
2008-04-22 08:14:08 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Motive
2008-04-22 08:14:07 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\PC Suite
2008-04-22 08:14:07 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Nokia
2008-04-22 08:14:07 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Nokia Multimedia Player
2008-04-22 08:14:06 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Sun
2008-04-22 08:14:06 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Sonic
2008-04-22 08:14:06 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Share-to-Web Upload Folder
2008-04-22 08:14:06 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\ScamBlocker
2008-04-22 08:14:06 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\SampleView
2008-04-22 08:14:06 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Real
2008-04-22 08:14:02 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Viewpoint
2008-04-22 08:14:02 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\TmpRecentIcons
2008-04-22 08:14:02 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Template
2008-04-22 08:14:02 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Symantec
2008-04-22 08:14:01 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Incomplete
2008-04-22 08:14:01 0 dr------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Favorites
2008-04-22 08:14:01 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Desktop
2008-04-22 08:14:01 0 d---s---- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Cookies
2008-04-22 08:14:01 0 dr-h----- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data
2008-04-22 08:14:01 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Yahoo!
2008-04-22 08:14:01 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Yahoo! Messenger
2008-04-22 08:14:01 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\WildTangent
2008-04-22 08:14:01 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Webshots
2008-04-22 08:13:57 0 d--h----- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\NetHood
2008-04-22 08:13:57 0 dr------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\My Documents
2008-04-22 08:13:57 0 d--h----- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Local Settings
2008-04-22 08:13:56 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\WINDOWS
2008-04-22 08:13:56 0 d---s---- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\UserData
2008-04-22 08:13:56 0 d--h----- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Templates
2008-04-22 08:13:56 0 dr------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Start Menu
2008-04-22 08:13:56 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Shared
2008-04-22 08:13:56 0 dr-h----- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\SendTo
2008-04-22 08:13:56 0 d--h----- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\PrintHood
2008-04-22 08:13:56 0 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Phone Browser
2008-04-22 08:13:56 1835008 --ah----- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\NTUSER.DAT
2008-04-22 07:55:04 10368 -----n--- C:\WINDOWS\System32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-04-22 07:54:36 204800 --a------ C:\WINDOWS\System32\IVIresizeW7.dll
2008-04-22 07:54:36 188416 --a------ C:\WINDOWS\System32\IVIresizePX.dll
2008-04-22 07:54:36 192512 --a------ C:\WINDOWS\System32\IVIresizeP6.dll
2008-04-22 07:54:36 192512 --a------ C:\WINDOWS\System32\IVIresizeM6.dll
2008-04-22 07:54:36 200704 --a------ C:\WINDOWS\System32\IVIresizeA6.dll
2008-04-22 07:54:36 20480 --a------ C:\WINDOWS\System32\IVIresize.dll
2008-04-22 07:50:21 175712 --a----c- C:\Documents and Settings\Default User\Application Data\GDIPFONTCACHEV1.DAT
2008-04-22 07:30:03 184386 --a----c- C:\Documents and Settings\Default User\hpdj02 <Not Verified; HP; HP DeskJet>
2008-04-22 07:30:02 184386 --a----c- C:\Documents and Settings\Default User\hpdj04 <Not Verified; HP; HP DeskJet>
2008-04-22 07:20:43 0 d--hs---- C:\Documents and Settings\Default User\UserData
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Shared
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Phone Browser
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Incomplete
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Yahoo!
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Yahoo! Messenger
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\WildTangent
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Webshots
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Viewpoint
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\TmpRecentIcons
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Template
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Share-to-Web Upload Folder
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\ScamBlocker
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\PC Suite
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Nokia
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Nokia Multimedia Player
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Musicmatch
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\MSN6
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Motive
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\LimeWire
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Leadertech
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\j2 Global
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\InterVideo
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\HP
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Help
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Google
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\funkitron
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\FUJIFILM
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Earthlink
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\EarthLink Toolbar
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Datalayer
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Aim
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\AdobeUM
2008-04-22 07:20:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-04-21 22:12:49 0 d-------- C:\Program Files\Windows Sidebar
2008-04-21 19:40:16 0 d-------- C:\Documents and Settings\Guest\Application Data\PC Suite
2008-04-17 11:14:31 0 d-------- C:\Program Files\Common Files\PCSuite
2008-04-17 11:14:31 0 d-------- C:\Program Files\Common Files\Nokia
2008-04-01 13:54:08 0 d-------- C:\Program Files\Cablenut
-- Find3M Report ---------------------------------------------------------------
2008-04-24 19:28:25 0 d-------- C:\Program Files\Wxvwgbtk
2008-04-24 19:19:54 0 d-------- C:\Program Files\Common Files
2008-04-24 18:48:50 0 d-------- C:\Program Files\Multimedia Card Reader
2008-04-24 18:22:22 3678 --a------ C:\WINDOWS\System32\tmp.reg
2008-04-24 18:18:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-23 04:27:13 0 d-------- C:\Program Files\Norton AntiVirus
2008-04-23 04:23:51 0 d-------- C:\Program Files\Google
2008-04-22 10:06:23 0 d-------- C:\Program Files\Windows NT
2008-04-22 10:06:20 0 d-------- C:\Program Files\Movie Maker
2008-04-22 10:06:20 0 d-------- C:\Program Files\Messenger
2008-04-22 09:01:51 3884 --a----c- C:\WINDOWS\viassary-hp.reg
2008-04-22 09:01:33 0 d-------- C:\Program Files\Easy Internet signup
2008-04-22 08:57:24 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-22 06:13:49 0 d-------- C:\Program Files\The Cleaner
2008-04-17 15:01:59 7160 --a------ C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\NMM-MetaData.db
2008-04-17 11:14:30 0 d-------- C:\Program Files\Nokia
2008-03-24 14:09:57 0 d-------- C:\Program Files\Common Files\Adobe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2008-04-24 18:37]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-04-24 18:37]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 18:37]
"AGRSMMSG"="AGRSMMSG.exe" [2003-12-12 22:54 C:\WINDOWS\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 C:\WINDOWS\ALCXMNTR.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00]
"WinReanimator"="C:\Program Files\WinReanimator\WinReanimator.exe" [2008-02-29 23:45]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-24 18:37]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-24 18:37]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"jdgf894jrghoiiskd"=C:\WINDOWS\TEMP\winlogan.exe
"Service Pack 1"=C:\WINDOWS\System32\vedxg6ame4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"EnableLUA"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 11:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"lDbygiFghaRNwYW"= {44A7743A-EE0D-DE90-4441-CB946BE9BCEF} - C:\WINDOWS\System32\kpdfw.dll [2002-08-29 05:00 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 11:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jmq57.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\psexesvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xce13.sys]
@="Driver"
-- End of Deckard's System Scanner: finished at 2008-04-25 12:00:26 ------------