DSS Main.txt
Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-03 16:51:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
26: 2008-05-03 21:52:01 UTC - RP167 - Deckard's System Scanner Restore Point
25: 2008-05-03 08:00:32 UTC - RP166 - Software Distribution Service 3.0
24: 2008-05-02 08:00:52 UTC - RP165 - Software Distribution Service 3.0
23: 2008-05-01 20:22:05 UTC - RP164 - Software Distribution Service 3.0
22: 2008-05-01 20:20:14 UTC - RP163 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-04-18 01:08:08 UTC - RP142 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:44 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.homepagec...sn.com/?wl=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {301AA8B2-AAC5-495F-9CF3-F217EB813C8A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A74B6DF-174F-4853-B343-F865BA5AC029} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{107F7F51-BC08-40C6-A2F5-9C9DB80ABD21}: NameServer = 66.21.97.115,66.21.97.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{526F7D45-CF53-4F3A-A3B1-A632C28DEBC9}: NameServer = 6.21.97.115,66.21.97.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F932784-93F3-4CBB-BAAE-3A302C8C37E2}: NameServer = 66.21.97.115,66.21.97.117
O17 - HKLM\System\CS1\Services\Tcpip\..\{107F7F51-BC08-40C6-A2F5-9C9DB80ABD21}: NameServer = 66.21.97.115,66.21.97.117
O20 - Winlogon Notify: qomlijh - qomlijh.dll (file missing)
O21 - SSODL: zip - {675e5d08-a3a0-4d3a-835f-79ab6a8de289} - (no file)
O21 - SSODL: UnknownChk - {7fccdd79-6ca8-424a-82eb-cda83d63b095} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Buddy Central Service 2 (BuddyCentralService) - Unknown owner - C:\Gunbound\Server\BuddyCenter\BuddyCenter2.exe (file missing)
O23 - Service: Buddy Service 2 (BuddyService) - Unknown owner - C:\Gunbound\Server\BuddyServ\BuddyServ2.exe (file missing)
O23 - Service: GunBound central service with database middleware funtionality (GunBound Central Service) - Unknown owner - C:\Gunbound\Server\Center\GunBoundCenter2.exe (file missing)
O23 - Service: GunBoundServ[8360] - Unknown owner - C:\Gunbound\Server\Gunbound8360\GunBoundServ2.exe (file missing)
O23 - Service: NVSvc - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 5663 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - "regedit.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SSHDRV65 - c:\windows\system32\drivers\sshdrv65.sys
R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
S2 NdisFileServices32 - c:\windows\system32\drivers\qnpfkn.sys (file missing)
S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S2 zntport (NTPort Library Driver) - c:\windows\system32\zntport.sys (file missing)
S3 CEDRIVER51 - c:\documents and settings\owner\desktop\memhack 2.0.7.1j\dbk32.sys (file missing)
S3 CEDRIVER52 - c:\program files\cheat engine\dbk32.sys (file missing)
S3 DRIVER1111 - c:\documents and settings\owner\desktop\blowie\blowie32.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 Dual2 - c:\documents and settings\owner\desktop\1008 aimbot+bypass-1\1008 aimbot+bypass\universalbypass\dual2.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 Engine - c:\documents and settings\owner\desktop\astrv135\asprstripperxp_v135\engine.sys (file missing)
S3 IlvMoneyDRIVER53 - c:\documents and settings\owner\desktop\ilvmoney1083.sys (file missing)
S3 IRIS5 (IRIS5 Protocol Driver) - c:\windows\system32\iris5.sys <Not Verified; eEye Digital Security; Iris Driver>
S3 PCD65X2 - c:\docume~1\owner\locals~1\temp\pcd65x2.sys (file missing)
S3 PCD65X3 - c:\docume~1\owner\locals~1\temp\pcd65x3.sys (file missing)
S3 PCD65X4 - c:\docume~1\owner\locals~1\temp\pcd65x4.sys (file missing)
S3 PCD65X5 - c:\docume~1\owner\locals~1\temp\pcd65x5.sys (file missing)
S3 PCD65X6 - c:\docume~1\owner\locals~1\temp\pcd65x6.sys (file missing)
S3 projectx1 - c:\documents and settings\owner\desktop\projectx_4.0 engine\projectx_4.0 engine\felipeze.sys (file missing)
S3 Revolution1 - c:\documents and settings\owner\desktop\revolution_engine_8.3_shak3\revolution_engine_8.3_shak3\shak3.sys (file missing)
S3 SoRa1 - c:\documents and settings\owner\desktop\sora_engine_2.3__1058_\sora engine 2.3\sora23.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 BuddyCentralService (Buddy Central Service 2) - c:\gunbound\server\buddycenter\buddycenter2.exe (file missing)
S3 BuddyService (Buddy Service 2) - c:\gunbound\server\buddyserv\buddyserv2.exe (file missing)
S3 GunBound Central Service (GunBound central service with database middleware funtionality) - c:\gunbound\server\center\gunboundcenter2.exe (file missing)
S3 GunBoundServ[8360] - c:\gunbound\server\gunbound8360\gunboundserv2.exe (file missing)
S4 BNBT Service - c:\documents and settings\owner\desktop\animetracker\bnbt.exe -s (file missing)
S4 FontCache3.0.0.0 (Windows Presentation Foundation Font Cache 3.0.0.0) - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe (file missing)
S4 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
S4 IDriverT (InstallDriver Table Manager) - "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe" (file missing)
S4 idsvc (Windows CardSpace) - "c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe" (file missing)
S4 LightScribeService (LightScribeService Direct Disc Labeling Service) - "c:\program files\common files\lightscribe\lssrvc.exe" (file missing)
S4 Macromedia Licensing Service - "c:\program files\common files\macromedia shared\service\macromedia licensing.exe" (file missing)
S4 MDM - "c:\program files\common files\microsoft shared\vs7debug\mdm.exe" (file missing)
S4 MySQL - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing)
S4 NetTcpPortSharing (Net.Tcp Port Sharing Service) - "c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Loopback Adapter
Device ID: ROOT\NET\0000
Manufacturer: Microsoft
Name: Microsoft Loopback Adapter
PNP Device ID: ROOT\NET\0000
Service: msloop
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_MAGICISO&PROD_VIRTUAL_DVD-ROM&REV_1.0A\1&2AFD7D61&0&0000
Manufacturer: (Standard CD-ROM drives)
Name: MagicISO Virtual DVD-ROM0000
PNP Device ID: SCSI\CDROM&VEN_MAGICISO&PROD_VIRTUAL_DVD-ROM&REV_1.0A\1&2AFD7D61&0&0000
Service: cdrom
-- Files created between 2008-04-03 and 2008-05-03 -----------------------------
2008-05-03 16:27:11 0 d-------- C:\Program Files\Trend Micro
2008-05-02 21:27:15 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-04-28 12:28:00 0 d-------- C:\Program Files\MSXML 4.0
2008-04-28 12:00:32 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-28 12:00:14 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-28 12:00:11 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-28 12:00:07 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-28 11:11:47 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-28 06:57:58 514509 --ahs---- C:\WINDOWS\system32\nnXwyJjl.ini2
2008-04-27 23:00:14 514777 --ahs---- C:\WINDOWS\system32\klVwGfhk.ini2
2008-04-27 21:04:08 515624 --ahs---- C:\WINDOWS\system32\DKQsBJjl.ini2
2008-04-27 13:06:31 515738 --ahs---- C:\WINDOWS\system32\ppqsYJjl.ini2
2008-04-26 13:55:04 0 d-------- C:\Program Files\Common Files\Corel
2008-04-26 12:56:51 0 d-------- C:\Program Files\WMA-MP3.com
2008-04-26 02:24:20 0 d-------- C:\Documents and Settings\Owner\.gimp-2.4
2008-04-26 02:22:00 0 d-------- C:\Program Files\GIMP-2.0
2008-04-26 02:19:36 518735 --ahs---- C:\WINDOWS\system32\efLkkUtv.ini2
2008-04-25 13:27:20 516203 --ahs---- C:\WINDOWS\system32\WyHjQtwa.ini2
2008-04-25 12:14:55 521026 --ahs---- C:\WINDOWS\system32\NWHjPqru.ini2
2008-04-25 11:45:41 94208 --a------ C:\WINDOWS\system32\bepsnwxw.exe
2008-04-25 11:08:52 418600 --ahs---- C:\WINDOWS\system32\StwHRXbc.ini2
2008-04-25 03:45:15 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-24 03:22:41 420625 --ahs---- C:\WINDOWS\system32\iRqrAJlm.ini2
2008-04-24 03:17:31 0 d-------- C:\WINDOWS\system32\814810
2008-04-24 03:11:54 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-04-24 02:59:52 0 d-------- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
2008-04-20 15:19:01 0 d-------- C:\Program Files\Free WMA to MP3 Converter
2008-04-16 02:36:46 0 d-------- C:\Program Files\Alwil Software
2008-04-06 17:49:42 0 d-------- C:\WINDOWS\system32\209789
2008-04-05 12:35:36 0 d-------- C:\sysreset
-- Find3M Report ---------------------------------------------------------------
2008-05-03 15:30:20 0 d-------- C:\Program Files\Zoom Player
2008-04-28 10:14:56 18046 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-27 19:17:30 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-04-27 19:08:15 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-04-26 14:06:49 168 -r-hs---- C:\WINDOWS\system32\9E0F16F7B7.sys
2008-04-26 14:06:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Corel
2008-04-26 13:55:04 0 d-------- C:\Program Files\Common Files
2008-04-26 13:55:03 0 d-------- C:\Program Files\Corel
2008-04-25 16:01:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-25 15:18:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-25 13:08:58 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-25 13:00:07 0 d-------- C:\Program Files\blcorp
2008-04-18 17:18:22 0 d-------- C:\Program Files\Audacity
2008-04-10 14:02:41 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-04-03 13:13:15 0 d-------- C:\Program Files\LimeWire
2008-04-03 12:42:02 0 d-------- C:\Program Files\Metacafe
2008-04-01 04:22:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-03-31 21:56:24 0 d-------- C:\Program Files\DivX
2008-03-31 21:55:59 0 d-------- C:\Program Files\AC3Filter
2008-03-29 19:36:26 164 --a------ C:\install.dat
2008-03-28 19:19:44 303104 --a------ C:\WINDOWS\fkdnrwsv.dll
2008-03-24 04:33:23 0 d-------- C:\Documents and Settings\Owner\Application Data\MySpace
2008-03-24 04:33:15 0 d-------- C:\Program Files\MySpace
2008-03-20 20:59:41 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-03-20 19:27:10 0 d-------- C:\Program Files\HHD Software
2008-03-19 18:58:18 0 d-------- C:\Program Files\ffdshow
2008-03-14 16:47:47 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-03-13 17:21:36 0 d-------- C:\Program Files\Opera
2008-03-12 05:53:13 0 d-------- C:\Documents and Settings\Owner\Application Data\Business Logic
2008-03-12 05:49:22 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2008-03-12 05:44:38 881 --a------ C:\Program Files\WinCleaner OneClick CleanUp.lnk <WINCLE~1.LNK>
2008-03-12 05:44:36 0 d-------- C:\Program Files\Business Logic Corporation
2008-03-12 04:28:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Winamp2
2008-03-12 04:28:15 0 d-------- C:\Program Files\Winamp2
2008-03-12 03:49:30 0 d-------- C:\Documents and Settings\Owner\Application Data\.BitTornado
2008-03-12 03:47:53 0 d-------- C:\Program Files\BitTornado
2008-03-12 00:13:33 0 d-------- C:\Program Files\Avi2Dvd
2008-03-11 23:51:49 0 d-------- C:\Program Files\Image-Line
2008-03-11 23:49:27 0 d-------- C:\Program Files\VstPlugins
2008-03-11 23:47:17 0 d-------- C:\Documents and Settings\Owner\Application Data\Dev-Cpp
2008-03-11 23:45:55 0 d-------- C:\Program Files\Azureus
2008-03-11 23:27:09 0 d-------- C:\Program Files\WinZip2
2008-03-11 23:27:06 0 d-------- C:\Program Files\Windows NT
2008-03-11 23:27:03 0 d-------- C:\Program Files\Winamp
2008-03-11 23:27:03 0 d-------- C:\Program Files\Web Publish
2008-03-11 23:27:03 0 d-------- C:\Program Files\VirtualDub-1.5.6
2008-03-11 23:26:58 0 d-------- C:\Program Files\SHOUTcast
2008-03-11 23:26:58 0 d-------- C:\Program Files\SetSpeed
2008-03-11 23:26:57 0 d-------- C:\Program Files\QuickTime
2008-03-11 23:26:57 0 d-------- C:\Program Files\PolyFinder
2008-03-11 23:25:59 0 d-------- C:\Program Files\Iris
2008-03-11 23:25:56 0 d-------- C:\Program Files\HashTab Shell Extension
2008-03-11 23:25:55 0 d-------- C:\Program Files\GSpot
2008-03-11 23:25:53 0 d-------- C:\Program Files\Far
2008-03-11 23:25:49 0 d-------- C:\Program Files\EasyPHP1-8
2008-03-11 23:25:40 0 d-------- C:\Program Files\Common Files\Motive
2008-03-11 23:25:36 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-11 23:25:28 0 d-------- C:\Program Files\CIF USB Camera
2008-03-11 23:25:27 0 d-------- C:\Program Files\CD Audio Reader Filter
2008-03-11 23:24:45 0 d-------- C:\Program Files\Abyss Web Server
2008-03-11 23:24:45 0 d-------- C:\Program Files\7-Zip
2008-03-11 21:30:18 0 d--h----- C:\Documents and Settings\Owner\Application Data\Hangame
2008-03-11 21:29:23 0 d-------- C:\Program Files\sysreset
2008-03-11 19:37:59 306 --a------ C:\WINDOWS\system32\c3bfc44.exe
2008-03-11 18:28:28 306 --a------ C:\WINDOWS\system32\bfc692f.exe
2008-03-11 18:28:27 306 --a------ C:\WINDOWS\system32\bfc6556.exe
2008-03-11 16:09:28 306 --a------ C:\WINDOWS\system32\b7d2624.exe
2008-03-11 14:36:40 306 --a------ C:\WINDOWS\system32\b2818f3.exe
2008-03-10 16:50:14 306 --a------ C:\WINDOWS\system32\67c1c86.exe
2008-03-10 16:50:13 306 --a------ C:\WINDOWS\system32\67c18fc.exe
2008-03-09 20:56:19 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-03-09 20:56:19 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-03-06 00:31:51 0 d-------- C:\Program Files\Java
2008-03-03 18:33:56 20992 --a------ C:\WINDOWS\system32\12a22e0.exe
2008-03-03 18:10:39 20992 --a------ C:\WINDOWS\system32\114e418.exe
2008-03-03 17:12:28 20992 --a------ C:\WINDOWS\system32\df56dd.exe
2008-03-03 17:12:06 23666 --a------ C:\WINDOWS\system32\dee065.exe
2008-03-03 15:15:20 20992 --a------ C:\WINDOWS\system32\7466c4.exe
2008-03-03 14:28:15 20992 --a------ C:\WINDOWS\system32\494f07.exe
2008-03-03 14:05:22 20992 --a------ C:\WINDOWS\system32\3437ad.exe
2008-03-03 10:39:19 306 --a------ C:\WINDOWS\system32\c08ee.exe
2008-03-03 09:54:55 0 d-------- C:\Program Files\MSBuild
2008-03-03 09:54:36 0 d-------- C:\Program Files\Reference Assemblies
2008-03-03 09:46:31 0 d-------- C:\Program Files\MSXML 6.0
2008-02-29 15:47:35 18 --ahs---- C:\WINDOWS\system32\TMyUpdate.dll
2008-02-29 15:47:35 62 --ahs---- C:\WINDOWS\system32\TMyGeneric.dll
2008-02-29 15:45:06 262 --ahs---- C:\WINDOWS\TMy.dll
2008-02-20 21:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-20 21:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-20 21:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-20 21:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{301AA8B2-AAC5-495F-9CF3-F217EB813C8A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A74B6DF-174F-4853-B343-F865BA5AC029}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 12:37 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [02/01/2008 03:32 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"D1sableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomlijh]
qomlijh.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtUkkLfe
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!1_pgaccount]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!1_ProcessGuard_Startup]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AbyssWebServer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bjh2vaja]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcfd0f0f0]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cce3c36c]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
"C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daedjw]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dzjjmvtw]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Cleaner]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\services]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"InCDsrv"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"seclogon"=2 (0x2)
"SbieSvc"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"gusvc"=3 (0x3)
"AVGEMS"=2 (0x2)
"aawservice"=3 (0x3)
"WZCSVC"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"Spooler"=2 (0x2)
"SharedAccess"=2 (0x2)
"O&O Defrag"=3 (0x3)
"MySQL"=2 (0x2)
"LightScribeService"=2 (0x2)
"SBCSSvc"=3 (0x3)
"MDM"=3 (0x3)
"usnjsvc"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f2f35eb-be60-11dc-a9fa-0010b54862a2}]
AutoRun\command- G:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8300 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-05-03 16:54:37 ------------