Deckard's System Scanner v20071014.68
Run by Administrator on 2008-01-20 11:09:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2008-01-20 17:09:52 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-01-20 11:47:46 UTC - RP3 - Software Distribution Service 3.0
2: 2008-01-20 10:53:55 UTC - RP2 - ComboFix created restore point
1: 2008-01-20 10:53:10 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Administrator.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:01 AM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 2285 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080115-140124-137 O4 - HKCU\..\RunOnce: [SpybotDeletingB913] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
backup-20080115-140124-154 O4 - HKLM\..\RunOnce: [SpybotDeletingC906] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
backup-20080115-140124-216 O4 - HKCU\..\RunOnce: [SpybotDeletingD8277] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
backup-20080115-140124-222 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080115-140124-225 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20080115-140124-256 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
backup-20080115-140124-370 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
backup-20080115-140124-374 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
backup-20080115-140124-408 O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
backup-20080115-140124-429 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080115-140124-468 O2 - BHO: (no name) - {95ACA637-65AC-3355-8B29-3AE600860CE5} - C:\WINDOWS\system32\utv.dll (file missing)
backup-20080115-140124-483 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
backup-20080115-140124-485 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
backup-20080115-140124-551 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20080115-140124-609 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
backup-20080115-140124-622 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896backup-20080115-140124-654 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080115-140124-714 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
backup-20080115-140124-832 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157backup-20080115-140124-843 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896backup-20080115-140124-913 O4 - HKLM\..\RunOnce: [SpybotDeletingA4634] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
backup-20080115-140124-921 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080115-140124-959 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080115-140124-988 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157backup-20080115-140125-131 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20080115-140125-160 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20080115-140125-227 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} -
http://www.nvidia.co...iaSmartScan.cabbackup-20080115-140125-322 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
backup-20080115-140125-334 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
backup-20080115-140125-352 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204backup-20080115-140125-440 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20080115-140125-461 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080115-140125-467 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
backup-20080115-140125-504 O20 - Winlogon Notify: pmnnnno - pmnnnno.dll (file missing)
backup-20080115-140125-629 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20080115-140125-824 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080115-140125-864 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20080115-140125-873 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20080115-140141-142 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
backup-20080115-140141-200 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20080115-140141-403 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20080115-140141-512 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
backup-20080115-140141-755 O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
backup-20080115-140141-809 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
backup-20080116-035328-149 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
backup-20080116-035328-160 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080116-035328-243 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080116-035328-335 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20080116-035328-940 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20080116-035747-170 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20080116-035747-301 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080116-035747-892 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
backup-20080116-035747-949 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20080116-035759-462 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20080116-035759-639 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20080116-035759-729 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
backup-20080116-091818-838 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080116-091818-892 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080117-233629-244 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080117-233629-276 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20080117-233629-454 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20080117-233629-464 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080117-233629-543 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
backup-20080117-233629-639 O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
backup-20080117-233629-742 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
backup-20080117-233629-891 O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
backup-20080120-042919-928 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080120-045330-132 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080120-045330-238 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
backup-20080120-045330-285 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20080120-045330-548 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20080120-045330-634 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896backup-20080120-045330-666 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157backup-20080120-045330-794 O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
backup-20080120-045330-801 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080120-045330-809 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
backup-20080120-045330-843 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896backup-20080120-045330-854 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157backup-20080120-045330-933 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =
http://go.microsoft....k/?LinkId=54843backup-20080120-045330-937 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 usbcamdd - c:\windows\system32\drivers\usbcamdd.sys
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_03EB&SUBSYS_2A61103C&REV_A2\3&2411E6FE&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_03EB&SUBSYS_2A61103C&REV_A2\3&2411E6FE&0&09
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_10DE&DEV_03F2&SUBSYS_2A61103C&REV_A3\3&2411E6FE&0&11
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_10DE&DEV_03F2&SUBSYS_2A61103C&REV_A3\3&2411E6FE&0&11
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A61103C&REV_A2\3&2411E6FE&0&38
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A61103C&REV_A2\3&2411E6FE&0&38
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-01-20 10:56:21 464 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-01-20 04:59:49 378 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
-- Files created between 2007-12-20 and 2008-01-20 -----------------------------
2008-01-20 05:51:14 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-01-20 05:51:12 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-01-20 05:07:20 1286 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-20 05:06:42 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-20 05:06:42 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-20 05:06:42 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-20 05:06:42 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified;
http://www.beyondlogic.org; Command Line Process Utility>
2008-01-20 05:06:42 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-20 05:06:42 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-20 04:59:47 0 d-------- C:\Program Files\XoftSpySE
2008-01-20 04:27:51 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-01-20 04:12:41 0 d-------- C:\WINDOWS\ERUNT
2008-01-20 02:07:25 0 dr-h----- C:\$VAULT$.AVG
2008-01-16 08:34:03 0 d-------- C:\Program Files\Spyware Doctor
2008-01-16 08:34:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-01-16 08:23:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-16 08:17:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-16 03:57:02 0 d--hs---- C:\WINDOWS\CSC
2008-01-16 00:00:18 0 d-------- C:\WINDOWS\system32\LogFiles
2008-01-15 14:05:53 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-01-15 14:05:27 0 d-------- C:\WINDOWS\Sun
2008-01-15 14:05:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-01-15 14:00:24 0 d-------- C:\Program Files\Trend Micro
2008-01-15 13:45:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-15 02:44:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-15 02:44:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-15 02:44:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-15 02:14:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-15 01:40:15 86144 --a------ C:\WINDOWS\system32\drivers\usbcamdd.sys
2008-01-15 01:31:46 0 d-------- C:\Program Files\Symantec
2008-01-15 01:21:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-01-15 00:54:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinBatch
2008-01-14 17:32:52 0 d-------- C:\WINDOWS\network diagnostic
2008-01-14 17:30:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-01-14 11:50:43 0 d-------- C:\ebay
2008-01-14 02:00:16 0 d-------- C:\WINDOWS\system32\PreInstall
2008-01-14 02:00:15 0 d--h----- C:\WINDOWS\$hf_mig$
2008-01-14 01:56:37 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-01-14 01:19:09 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-13 22:36:09 0 d-------- C:\Program Files\Safer Networking
2008-01-13 22:33:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 21:15:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-01-13 21:15:40 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-10 09:54:26 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 09:54:26 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-10 09:54:26 0 d-------- C:\Program Files\Xvid
2008-01-10 09:43:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-01-10 09:31:28 0 d-------- C:\Program Files\VideoLAN
2008-01-10 03:06:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-01-10 03:05:59 0 d-------- C:\Program Files\DivX
2008-01-09 21:25:46 0 d--hs---- C:\Documents and Settings\Administrator\UserData
2008-01-08 10:23:59 0 d-------- C:\Program Files\DFX
2008-01-08 10:23:09 0 d-------- C:\WINDOWS\RegisteredPackages
2008-01-08 10:22:50 0 d-------- C:\Program Files\Winamp
2008-01-07 17:36:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\acccore
2008-01-07 17:35:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-07 17:35:54 0 d-------- C:\Program Files\Viewpoint
2008-01-07 17:35:51 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-07 17:35:50 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-01-07 17:35:38 0 d-------- C:\Program Files\Common Files\AOL
2008-01-07 17:35:35 0 d-------- C:\Program Files\AIM6
2008-01-07 08:50:29 0 d-------- C:\partys
2008-01-07 08:22:34 0 d-------- C:\Program Files\eBay
2008-01-07 08:22:34 0 d-------- C:\Documents and Settings\All Users\eBay
2008-01-07 08:22:00 0 d-------- C:\WINDOWS\system32\Lang
2008-01-07 08:20:28 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-01-07 08:20:16 0 d-------- C:\WINDOWS\system32\RTCOM
2008-01-07 08:19:45 0 d-------- C:\Program Files\Realtek
2008-01-07 08:19:42 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-01-07 08:19:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-07 08:18:46 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-01-07 08:18:05 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-01-07 08:17:57 0 d-------- C:\WINDOWS\Prefetch
2008-01-07 08:14:02 0 d-------- C:\WINDOWS\peernet
2008-01-07 08:14:01 0 d-------- C:\WINDOWS\provisioning
2008-01-07 08:13:23 0 d-------- C:\WINDOWS\ServicePackFiles
2008-01-07 08:11:48 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-01-07 08:10:29 0 d-------- C:\WINDOWS\EHome
2008-01-07 08:06:12 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-01-07 07:54:47 0 d-------- C:\mp3
2008-01-07 07:54:47 0 d-------- C:\Incomplete
2008-01-07 07:54:37 0 d-------- C:\Documents and Settings\Administrator\Incomplete
2008-01-07 07:54:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-01-07 07:54:18 0 d-------- C:\Program Files\Yahoo!
2008-01-07 07:54:14 0 d-------- C:\Program Files\CCleaner
2008-01-07 07:52:24 0 d-------- C:\Program Files\Java
2008-01-07 07:52:05 0 d-------- C:\Program Files\Common Files\Java
2008-01-07 07:51:37 0 d-------- C:\Program Files\LimeWire
2008-01-07 07:50:31 40960 --a------ C:\WINDOWS\system32\eetransx.exe <Not Verified; evidence-eliminator.com; Evidence Eliminator ™>
2008-01-07 07:50:31 61440 --a------ C:\WINDOWS\system32\Eeshellx.dll <Not Verified; evidence-eliminator.com; Evidence Eliminator ™>
2008-01-07 07:50:31 118784 --a------ C:\WINDOWS\system32\EEGenFn1.dll <Not Verified; Robin Hood Software Ltd; EEGenfn1>
2008-01-07 07:50:30 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-01-07 07:50:30 0 d-------- C:\Program Files\Evidence Eliminator
2008-01-07 07:49:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-01-07 07:41:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-01-07 07:41:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-01-07 07:41:35 1158 --a------ C:\WINDOWS\mozver.dat
2008-01-07 07:37:02 0 d-------- C:\WINDOWS\nview
2008-01-07 07:30:38 0 d-------- C:\Program Files\uTorrent
2008-01-07 07:30:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-01-07 07:16:41 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-07 07:16:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-01-07 07:10:44 0 d-------- C:\WINDOWS\win98
2008-01-07 07:10:18 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-01-07 07:10:00 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-01-07 07:10:00 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-01-07 07:09:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-07 07:09:56 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-01-07 07:09:55 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-07 07:06:24 0 d--hs---- C:\WINDOWS\Installer
2008-01-07 07:06:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-01-07 07:06:16 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-01-07 07:06:16 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-07 07:06:16 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-01-07 07:06:16 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-07 07:06:15 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-07 07:06:15 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-07 07:06:15 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-07 07:06:15 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-07 07:06:15 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-07 07:06:15 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-07 07:06:15 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-01-07 07:06:15 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-07 07:06:12 0 d--hs---- C:\System Volume Information
2008-01-07 07:06:11 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-01-07 07:06:11 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-01-07 07:06:11 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-01-07 07:06:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-01-07 07:06:11 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-01-07 07:06:11 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-01-07 07:06:11 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-01-07 07:06:11 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-01-07 07:06:11 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-01-07 07:06:11 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-01-07 07:02:51 0 d-------- C:\WINDOWS\system32\xircom
2008-01-07 07:02:51 0 d-------- C:\Program Files\microsoft frontpage
2008-01-07 07:02:42 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-01-07 07:02:37 0 -rahs---- C:\MSDOS.SYS
2008-01-07 07:02:37 0 -rahs---- C:\IO.SYS
2008-01-07 07:02:37 0 --a------ C:\CONFIG.SYS
2008-01-07 07:02:37 0 --a------ C:\AUTOEXEC.BAT
2008-01-07 07:02:04 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-01-07 07:01:59 0 dr------- C:\WINDOWS\Offline Web Pages
2008-01-07 07:01:59 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-01-07 07:01:44 0 d-------- C:\WINDOWS\srchasst
2008-01-07 07:01:38 0 d-------- C:\WINDOWS\system32\DirectX
2008-01-07 07:01:37 0 d-------- C:\WINDOWS\system32\Macromed
2008-01-07 07:01:26 0 d-------- C:\Program Files\Movie Maker
2008-01-07 07:01:00 0 d-------- C:\WINDOWS\system32\Restore
2008-01-07 07:00:54 0 d-------- C:\WINDOWS\PCHEALTH
2008-01-07 07:00:48 0 d---s---- C:\WINDOWS\Tasks
2008-01-07 07:00:45 0 d-------- C:\Program Files\Common Files\MSSoap
2008-01-07 07:00:22 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-07 07:00:08 0 d-------- C:\WINDOWS\Registration
2008-01-07 07:00:02 0 d--h----- C:\Program Files\WindowsUpdate
2008-01-07 07:00:02 0 d-------- C:\Program Files\Online Services
2008-01-07 06:59:56 0 d-------- C:\Program Files\Messenger
2008-01-07 06:59:48 0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-07 06:59:38 0 d-------- C:\Program Files\Windows NT
2008-01-07 06:59:26 0 d-------- C:\WINDOWS\system32\MsDtc
2008-01-07 06:59:24 0 d-------- C:\WINDOWS\system32\Com
2008-01-07 06:56:13 0 d-------- C:\Program Files\Common Files\ODBC
2008-01-07 06:56:11 0 dr------- C:\Program Files
2008-01-07 06:56:11 0 d-------- C:\Program Files\Common Files
2008-01-07 06:56:11 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-01-07 06:55:50 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-01-07 06:55:50 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-01-07 06:55:50 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-01-07 06:55:50 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-01-07 06:55:50 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-01-07 06:55:50 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-01-07 06:55:50 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-01-07 06:55:50 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-01-07 06:55:50 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-01-07 06:55:50 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-01-07 06:55:50 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-01-07 06:55:50 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-01-07 06:55:50 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-01-07 06:55:50 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-01-07 06:55:50 0 dr------- C:\Documents and Settings\All Users\Documents
2008-01-07 06:55:50 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-01-07 06:55:42 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-01-07 06:55:42 0 d-------- C:\WINDOWS\system32\CatRoot
2008-01-07 06:55:37 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-01-07 06:55:37 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-01-07 06:55:37 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-01-07 06:55:37 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-01-07 06:55:25 0 d-------- C:\Documents and Settings
2008-01-07 06:52:13 0 d-------- C:\WINDOWS
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\WinSxS
2008-01-07 06:52:13 0 dr------- C:\WINDOWS\Web
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\twain_32
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\wins
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\wbem
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\usmt
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\spool
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\ShellExt
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\Setup
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\ras
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\oobe
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\npp
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\mui
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\inetsrv
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\IME
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\icsxml
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\ias
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\export
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\drivers
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-01-07 06:52:13 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\dhcp
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\config
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\3076
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\2052
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\1054
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\1042
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\1041
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\1037
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\1033
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\1031
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\1028
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system32\1025
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\system
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\security
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\Resources
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\repair
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\mui
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\msapps
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\msagent
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\Media
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\java
2008-01-07 06:52:13 0 d--h----- C:\WINDOWS\inf
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\ime
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\Help
2008-01-07 06:52:13 0 dr--s---- C:\WINDOWS\Fonts
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\Driver Cache
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\Debug
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\Cursors
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\Connection Wizard
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\Config
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\AppPatch
2008-01-07 06:52:13 0 d-------- C:\WINDOWS\addins
2008-01-04 15:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 15:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 15:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 15:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 15:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 15:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 15:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 15:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
-- Find3M Report ---------------------------------------------------------------
2008-01-07 06:55:50 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2007-12-19 13:59:04 1044480 -ra------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9.2>
2007-12-19 13:59:04 49152 -ra------ C:\WINDOWS\system32\inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 11:14 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HijackThis startup scan"="C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" [01/15/2008 02:00 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 06:56 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2008-01-20 11:10:57 ------------
Sign In
Create Account
