Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-24 11:15:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
15: 2008-07-24 15:57:40 UTC - RP28 - Windows Update
14: 2008-07-24 09:19:57 UTC - RP23 - Installed Creative ALchemy (X-Fi Edition)
13: 2008-07-24 09:16:57 UTC - RP21 - Installed Creative MediaSource 5
12: 2008-07-24 09:15:32 UTC - RP19 - Installed Creative Software AutoUpdate
11: 2008-07-24 09:15:13 UTC - RP17 - Installed Host OpenAL
-- First Restore Point --
1: 2008-07-24 08:31:14 UTC - RP24 - Device Driver Package Install: NVIDIA Display adapters
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-24 11:18:06
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Administrator\Desktop\dss.exe
C:\Windows\System32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15102/CTPID.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\System32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 3961 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 Creative ALchemy AL1 Licensing Service - "c:\program files\common files\creative labs shared\service\al1licensing.exe" <Not Verified; Creative Labs; Creative ALchemy AL1 Licensing Service>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-06-24 and 2008-07-24 -----------------------------
2008-07-24 06:39:02 0 d-------- C:\Windows\Panther
2008-07-24 06:38:30 0 d-------- C:\Windows\OEMLOGO
2008-07-24 06:38:30 24 -rah----- C:\Windows\CLEANUP.CMD
2008-07-24 05:57:12 0 d-------- C:\Windows\Debug
2008-07-24 05:44:24 0 d-------- C:\Windows\SoftwareDistribution
2008-07-24 05:40:08 0 d-------- C:\Windows\Prefetch
2008-07-24 04:24:10 0 dr------- C:\Users\Seven\Searches
2008-07-24 04:24:06 0 dr------- C:\Users\Seven\Contacts
2008-07-24 04:24:01 0 d--hs---- C:\Users\Seven\Templates
2008-07-24 04:24:01 0 d--hs---- C:\Users\Seven\Start Menu
2008-07-24 04:24:01 0 d--hs---- C:\Users\Seven\SendTo
2008-07-24 04:24:01 0 d--hs---- C:\Users\Seven\Recent
2008-07-24 04:24:01 0 d--hs---- C:\Users\Seven\PrintHood
2008-07-24 04:24:01 0 d--hs---- C:\Users\Seven\NetHood
2008-07-24 04:24:01 0 d--hs---- C:\Users\Seven\Local Settings
2008-07-24 04:24:01 0 d--hs---- C:\Users\Seven\Cookies
2008-07-24 04:24:01 0 d--hs---- C:\Users\Seven\Application Data
2008-07-24 04:24:00 0 dr------- C:\Users\Seven\Videos
2008-07-24 04:24:00 0 dr------- C:\Users\Seven\Saved Games
2008-07-24 04:24:00 0 dr------- C:\Users\Seven\Pictures
2008-07-24 04:24:00 524288 --ahs---- C:\Users\Seven\NTUSER.DAT
2008-07-24 04:24:00 0 d--hs---- C:\Users\Seven\My Documents
2008-07-24 04:24:00 0 dr------- C:\Users\Seven\Music
2008-07-24 04:24:00 0 dr------- C:\Users\Seven\Links
2008-07-24 04:24:00 0 dr------- C:\Users\Seven\Favorites
2008-07-24 04:24:00 0 dr------- C:\Users\Seven\Downloads
2008-07-24 04:24:00 0 dr------- C:\Users\Seven\Documents
2008-07-24 04:24:00 0 dr------- C:\Users\Seven\Desktop
2008-07-24 04:24:00 0 d--h----- C:\Users\Seven\AppData
2008-07-24 04:20:21 53248 -----n--- C:\Windows\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative Product Registration>
2008-07-24 04:20:13 0 d-------- C:\Program Files\Common Files\Creative Labs Shared
2008-07-24 04:17:10 0 d-------- C:\Program Files\Common Files\Creative
2008-07-24 04:17:06 0 d--h----- C:\Program Files\Creative Installation Information
2008-07-24 04:15:23 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-07-24 04:15:23 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL Library>
2008-07-24 04:15:22 1544192 --a------ C:\Windows\system32\Sens_oal.dll <Not Verified; Creative; >
2008-07-24 04:14:24 69120 --a------ C:\Windows\system32\CmdRtr.DLL
2008-07-24 04:14:24 108544 --a------ C:\Windows\system32\APOMngr.DLL
2008-07-24 04:12:53 0 d-------- C:\Program Files\Creative
2008-07-24 04:09:56 0 d-------- C:\Program Files\Realtek
2008-07-24 04:09:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-24 04:09:49 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-07-24 04:09:48 0 d-------- C:\Program Files\DVDVideoSoft
2008-07-24 04:09:41 520192 --a------ C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-07-24 04:09:41 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-07-24 04:09:39 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-24 04:06:36 0 d-------- C:\Program Files\CCleaner
2008-07-24 04:06:24 3948 -ra------ C:\Windows\system32\drivers\nvphy.bin
2008-07-24 04:01:54 0 d-------- C:\Program Files\Stardock
2008-07-24 04:01:54 0 d-------- C:\Program Files\Common Files\Stardock
2008-07-24 03:59:50 0 dr------- C:\Users\Administrator\Searches
2008-07-24 03:59:38 0 dr------- C:\Users\Administrator\Contacts
2008-07-24 03:59:33 0 dr------- C:\Users\Administrator\Videos
2008-07-24 03:59:33 0 d--hs---- C:\Users\Administrator\Templates
2008-07-24 03:59:33 0 d--hs---- C:\Users\Administrator\Start Menu
2008-07-24 03:59:33 0 d--hs---- C:\Users\Administrator\SendTo
2008-07-24 03:59:33 0 dr------- C:\Users\Administrator\Saved Games
2008-07-24 03:59:33 0 d--hs---- C:\Users\Administrator\Recent
2008-07-24 03:59:33 0 d--hs---- C:\Users\Administrator\PrintHood
2008-07-24 03:59:33 0 dr------- C:\Users\Administrator\Pictures
2008-07-24 03:59:33 0 d--hs---- C:\Users\Administrator\NetHood
2008-07-24 03:59:33 0 d--hs---- C:\Users\Administrator\My Documents
2008-07-24 03:59:33 0 dr------- C:\Users\Administrator\Music
2008-07-24 03:59:33 0 d--hs---- C:\Users\Administrator\Local Settings
2008-07-24 03:59:33 0 dr------- C:\Users\Administrator\Links
2008-07-24 03:59:33 0 dr------- C:\Users\Administrator\Favorites
2008-07-24 03:59:33 0 dr------- C:\Users\Administrator\Downloads
2008-07-24 03:59:33 0 dr------- C:\Users\Administrator\Documents
2008-07-24 03:59:33 0 dr------- C:\Users\Administrator\Desktop
2008-07-24 03:59:33 0 d--hs---- C:\Users\Administrator\Cookies
2008-07-24 03:59:33 0 d--hs---- C:\Users\Administrator\Application Data
2008-07-24 03:59:32 3407872 --ahs---- C:\Users\Administrator\NTUSER.DAT
2008-07-24 03:59:32 0 d--h----- C:\Users\Administrator\AppData
2008-07-24 03:58:14 0 d-------- C:\Program Files\Alwil Software
2008-07-24 03:55:11 0 d-------- C:\Program Files\MediaMonkey
2008-07-24 03:50:08 0 d-------- C:\Windows\system32\Macromed
2008-07-24 03:45:22 0 --a------ C:\Windows\nsreg.dat
2008-07-24 03:31:48 0 d-------- C:\Windows\nvtmpinst
2008-07-20 01:16:11 0 d-------- C:\DVDVideoSoft
2008-07-19 23:51:02 0 d-------- C:\MAGIX
2008-07-19 22:43:32 0 d-------- C:\RaidTool
2008-07-19 22:28:32 0 -rahs---- C:\MSDOS.SYS
2008-07-19 22:28:32 0 -rahs---- C:\IO.SYS
2008-07-15 12:13:13 0 d--hs---- C:\Boot
2008-07-15 11:40:28 0 d-------- C:\NVIDIA
2008-07-15 11:28:16 0 dr-h----- C:\MSOCache
2008-07-15 11:14:05 0 d--hs---- C:\System Volume Information
-- Find3M Report ---------------------------------------------------------------
2008-07-24 04:09:49 0 d-------- C:\Program Files\Common Files
2008-07-24 03:59:40 0 d-------- C:\Users\Administrator\AppData\Roaming\Identities
2008-07-24 03:53:04 0 d-------- C:\Users\Administrator\AppData\Roaming\WinRAR
2008-07-24 03:50:45 0 d-------- C:\Users\Administrator\AppData\Roaming\Macromedia
2008-07-24 03:50:45 0 d-------- C:\Users\Administrator\AppData\Roaming\Adobe
2008-07-24 03:45:21 0 d-------- C:\Users\Administrator\AppData\Roaming\Mozilla
2008-07-24 03:43:49 0 d-------- C:\Users\Administrator\AppData\Roaming\Creative
2008-07-24 03:38:49 0 d-------- C:\Program Files\Windows Mail
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/20/2008 09:33 PM]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [02/28/2007 05:50 PM]
"P17RunE"="P17RunE.dll" [04/08/2007 08:40 PM C:\Windows\System32\P17RunE.dll]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [03/25/2008 02:52 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [03/25/2008 02:52 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [7/24/2008 4:01:54 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8910 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-07-24 11:18:43 ------------