Next, the main log:
Deckard's System Scanner v20071014.68
Run by Admin on 2008-07-27 14:52:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
63: 2008-07-27 13:52:24 UTC - RP788 - Deckard's System Scanner Restore Point
62: 2008-07-26 20:37:01 UTC - RP787 - Removed PC Connectivity Solution
61: 2008-07-26 11:00:43 UTC - RP786 - Software Distribution Service 3.0
60: 2008-07-26 08:35:38 UTC - RP785 - Software Distribution Service 3.0
59: 2008-07-26 08:30:48 UTC - RP784 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-06-27 17:54:47 UTC - RP726 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Admin.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:57, on 27/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Updater.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1160729953\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\program files\common files\aol\1160729953\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1160729953\ee\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\VSB1O713\dss[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Message of the Day] C:\Program Files\UoL\MotD\MOTD2000.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160729953\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
--
End of file - 10636 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - unable to read value
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 IFP300 (iriver Internet Audio Player IFP-300) - c:\windows\system32\drivers\ifp300.sys <Not Verified; iRiver, Inc.; IFP-100>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 WPN111 (Wireless USB 2.0 Adapter with RangeMax Service) - c:\windows\system32\drivers\wpn111.sys <Not Verified; NETGEAR, Inc.; NETGEAR WPN111>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 PPPoEWin (PPPoEWin Miniport) - c:\windows\system32\drivers\pppoewin.sys (file missing)
S3 tapvpn (TAP VPN Adapter) - c:\windows\system32\drivers\tapvpn.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 SvcOnlineArmor (Online Armor) - "c:\program files\tall emu\online armor\oasrv.exe" <Not Verified; Tall Emu; Online Armor Security Suite>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV00DF\4&1A87BEAE&1&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller #2
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV00DF\4&1A87BEAE&1&01
Service: NVENETFD
-- Scheduled Tasks -------------------------------------------------------------
2008-07-27 14:50:00 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FAC759C1-0052-4326-9F19-25051AD22968}.job
2008-07-27 14:09:00 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-27 14:00:00 350 --a------ C:\WINDOWS\Tasks\At39.job
2008-07-27 14:00:00 350 --a------ C:\WINDOWS\Tasks\At15.job
2008-07-27 13:00:00 350 --a------ C:\WINDOWS\Tasks\At38.job
2008-07-27 13:00:00 350 --a------ C:\WINDOWS\Tasks\At14.job
2008-07-27 12:00:00 350 --a------ C:\WINDOWS\Tasks\At37.job
2008-07-27 12:00:00 350 --a------ C:\WINDOWS\Tasks\At13.job
2008-07-27 11:00:00 350 --a------ C:\WINDOWS\Tasks\At36.job
2008-07-27 11:00:00 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-07-27 10:00:00 350 --a------ C:\WINDOWS\Tasks\At35.job
2008-07-27 10:00:00 350 --a------ C:\WINDOWS\Tasks\At11.job
2008-07-27 09:00:00 350 --a------ C:\WINDOWS\Tasks\At34.job
2008-07-27 09:00:00 350 --a------ C:\WINDOWS\Tasks\At10.job
2008-07-27 08:00:00 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-07-27 08:00:00 350 --a------ C:\WINDOWS\Tasks\At33.job
2008-07-27 07:00:00 350 --a------ C:\WINDOWS\Tasks\At8.job
2008-07-27 07:00:00 350 --a------ C:\WINDOWS\Tasks\At32.job
2008-07-27 06:00:00 350 --a------ C:\WINDOWS\Tasks\At7.job
2008-07-27 06:00:00 350 --a------ C:\WINDOWS\Tasks\At31.job
2008-07-27 05:00:00 350 --a------ C:\WINDOWS\Tasks\At6.job
2008-07-27 05:00:00 350 --a------ C:\WINDOWS\Tasks\At30.job
2008-07-27 04:00:00 350 --a------ C:\WINDOWS\Tasks\At5.job
2008-07-27 04:00:00 350 --a------ C:\WINDOWS\Tasks\At29.job
2008-07-27 03:00:00 350 --a------ C:\WINDOWS\Tasks\At4.job
2008-07-27 03:00:00 350 --a------ C:\WINDOWS\Tasks\At28.job
2008-07-27 02:00:00 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-07-27 02:00:00 350 --a------ C:\WINDOWS\Tasks\At27.job
2008-07-27 01:00:00 350 --a------ C:\WINDOWS\Tasks\At26.job
2008-07-27 01:00:00 350 --a------ C:\WINDOWS\Tasks\At2.job
2008-07-27 00:55:00 350 --a------ C:\WINDOWS\Tasks\At25.job
2008-07-27 00:16:00 350 --a------ C:\WINDOWS\Tasks\At1.job
2008-07-26 23:00:00 350 --a------ C:\WINDOWS\Tasks\At48.job
2008-07-26 23:00:00 350 --a------ C:\WINDOWS\Tasks\At24.job
2008-07-26 22:00:00 350 --a------ C:\WINDOWS\Tasks\At47.job
2008-07-26 22:00:00 350 --a------ C:\WINDOWS\Tasks\At23.job
2008-07-26 21:00:00 350 --a------ C:\WINDOWS\Tasks\At46.job
2008-07-26 21:00:00 350 --a------ C:\WINDOWS\Tasks\At22.job
2008-07-26 20:00:00 350 --a------ C:\WINDOWS\Tasks\At45.job
2008-07-26 20:00:00 350 --a------ C:\WINDOWS\Tasks\At21.job
2008-07-26 19:00:00 350 --a------ C:\WINDOWS\Tasks\At44.job
2008-07-26 19:00:00 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-07-26 18:00:01 350 --a------ C:\WINDOWS\Tasks\At43.job
2008-07-26 18:00:00 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-07-26 17:00:00 350 --a------ C:\WINDOWS\Tasks\At42.job
2008-07-26 17:00:00 350 --a------ C:\WINDOWS\Tasks\At18.job
2008-07-26 16:00:00 350 --a------ C:\WINDOWS\Tasks\At41.job
2008-07-26 16:00:00 350 --a------ C:\WINDOWS\Tasks\At17.job
2008-07-26 15:00:00 350 --a------ C:\WINDOWS\Tasks\At40.job
2008-07-26 15:00:00 350 --a------ C:\WINDOWS\Tasks\At16.job
2008-07-25 17:15:00 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-07-09 14:14:10 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-27 and 2008-07-27 -----------------------------
2008-07-27 00:54:42 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-07-27 00:19:01 262144 --a------ C:\Program Files\Uninstall Ask Toolbar.dll <Not Verified; Ask.com; Ask Toolbar for Internet Explorer>
2008-07-26 21:56:38 0 d-------- C:\Program Files\LimeWire
2008-07-26 21:42:08 0 d-------- C:\fsaua.data
2008-07-26 21:24:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-26 21:24:54 0 d-------- C:\Documents and Settings\Admin\Application Data\Azureus
2008-07-26 21:24:17 0 d-------- C:\Program Files\Vuze
2008-07-26 12:14:37 0 d-------- C:\Program Files\uTorrent
2008-07-26 09:27:09 0 d-------- C:\WINDOWS\Prefetch
2008-07-25 11:22:38 0 d-------- C:\WINDOWS\system32\scripting
2008-07-25 11:22:38 0 d-------- C:\WINDOWS\system32\bits
2008-07-25 11:22:38 0 d-------- C:\WINDOWS\l2schemas
2008-07-25 11:18:02 0 d-------- C:\WINDOWS\EHome
2008-07-24 18:17:24 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-24 17:59:14 0 d-------- C:\Program Files\Trend Micro
2008-07-24 17:36:15 0 dr-h----- C:\Documents and Settings\Admin\Recent
2008-07-24 13:47:46 0 d-------- C:\Documents and Settings\Admin\Application Data\InstallShield
2008-07-24 13:46:35 0 d-------- C:\Program Files\Internet Cyclone
2008-07-24 13:46:22 0 d-------- C:\Program Files\XP Codec Pack
2008-07-24 13:46:22 0 d-------- C:\Program Files\BinarySense
2008-07-24 13:46:15 0 d-------- C:\Program Files\Common Files\Apple
2008-07-24 09:25:17 0 d-------- C:\Documents and Settings\Admin\Application Data\Opera(2)
2008-07-24 09:25:13 0 d-------- C:\Program Files\Opera(2)
2008-07-24 09:18:00 0 d-------- C:\Kontiki
2008-07-12 21:47:49 1568768 --a------ C:\WINDOWS\system32\imagx7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-07-12 15:01:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-07-12 15:01:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Mozilla
2008-07-12 15:00:36 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-07-10 12:30:13 0 d-------- C:\Program Files\The_Pirate_Bay
2008-07-09 16:44:08 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-08 23:46:40 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-08 23:46:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Vso
2008-07-08 23:46:40 47360 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-08 23:46:32 0 d-------- C:\Program Files\VSO
2008-07-08 12:20:25 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-07-07 23:55:10 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-07-07 17:30:15 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-07-07 17:30:04 147456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-07-07 17:30:04 651264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-07-07 17:30:04 362944 --a------ C:\WINDOWS\system32\drivers\WPN111.sys <Not Verified; NETGEAR, Inc.; NETGEAR WPN111>
2008-07-07 17:30:04 17149 --a------ C:\WINDOWS\system32\DNINDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-07-07 17:30:04 94208 --a------ C:\WINDOWS\system32\DNIN50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-07-07 17:30:04 0 d-------- C:\Program Files\NETGEAR
-- Find3M Report ---------------------------------------------------------------
2008-07-27 14:12:21 0 d-------- C:\Documents and Settings\Admin\Application Data\OnlineArmor
2008-07-27 12:37:30 0 d-------- C:\Program Files\Google
2008-07-27 03:36:31 0 d-------- C:\Program Files\RegScrubXP
2008-07-27 00:57:50 0 d-------- C:\Program Files\Common Files\aol
2008-07-27 00:57:27 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2008-07-25 21:27:16 0 d-------- C:\Program Files\Messenger
2008-07-25 21:27:05 0 d-------- C:\Program Files\Movie Maker
2008-07-25 21:25:24 0 d-------- C:\Program Files\Windows NT
2008-07-24 22:11:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 18:22:10 0 d-------- C:\Program Files\SpywareBlaster
2008-07-24 18:03:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-24 17:44:06 0 d-------- C:\Program Files\Kontiki
2008-07-24 17:41:25 33 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.log
2008-07-24 17:41:24 1144 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.inf
2008-07-24 17:41:24 7887 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.cat
2008-07-24 17:39:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 17:20:25 0 d-------- C:\Program Files\Java
2008-07-24 17:04:13 0 d-------- C:\Program Files\Audible
2008-07-24 13:47:50 0 d-------- C:\Program Files\Opera
2008-07-24 13:46:46 0 d-------- C:\Program Files\Winamp
2008-07-24 13:46:20 0 d-------- C:\Program Files\DivX
2008-07-24 13:46:15 0 d-------- C:\Program Files\Common Files
2008-07-24 09:49:46 0 d-------- C:\Program Files\InterActual
2008-07-14 00:15:24 668 --a------ C:\Documents and Settings\Admin\Application Data\vso_ts_preview.xml
2008-07-13 13:01:05 0 d-------- C:\Documents and Settings\Admin\Application Data\Winamp
2008-07-12 21:48:08 0 d-------- C:\Program Files\Common Files\Ahead
2008-07-07 09:10:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-04 10:44:01 3532 --a------ C:\drmHeader.bin
2008-06-20 20:18:15 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-11 01:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 01:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 01:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 01:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-26 20:14:07 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/06/2007 14:32]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25/07/2007 16:02]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25/07/2007 16:06]
"Message of the Day"="C:\Program Files\UoL\MotD\MOTD2000.exe" [01/05/2006 13:53]
"iRiver Updater"="\Updater.exe" [01/07/2004 22:20]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [01/02/2008 00:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [23/03/2008 11:21]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/04/2008 19:49]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [20/11/2006 20:12]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [08/11/2005 23:00]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/11/2004 00:22]
"HostManager"="C:\Program Files\Common Files\AOL\1160729953\ee\AOLSoftware.exe" [27/04/2006 13:28]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [27/03/2006 16:57]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 12:23]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07/07/2008 09:10]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [07/07/2008 17:30:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [07/07/2008 09:10 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
"C:\Program Files\Kontiki\KHost.exe" -all
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"SatSrv"=2 (0x2)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"lxbu_device"=3 (0x3)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"KService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Diskeeper"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AOL ACS"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"SvcOnlineArmor"=2 (0x2)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NinjaVideo Helper.exe"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"iRiver Updater"=\Updater.exe
"SSS2007 PasswordManagerFFAutoFill"="C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe"
"SSS2007 HotKeys"="C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe"
"SSS2007 File Redirection Starter"="C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06fdbe22-4f9e-11db-bd3c-806d6172696f}]
play\command- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1
-- End of Deckard's System Scanner: finished at 2008-07-27 14:55:53 ------------