Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) D CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) D CPU 2.80GHz
Percentage of Memory in Use: 81%
Physical Memory (total/avail): 502.04 MiB / 94.7 MiB
Pagefile Memory (total/avail): 1227.36 MiB / 876.51 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.44 MiB
C: is Fixed (NTFS) - 70.77 GiB total, 58.9 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD800JD-08MSA1 - 74.54 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 70.77 GiB - C:
\PARTITION1 - Unknown - 3.76 GiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FirewallDisableNotify is set.
AV: VirusScan Enterprise + AntiSpyware Enterprise v8.5.0.781 (McAfee, Inc.) Outdated
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\MArap\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SFO01642
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\MArap
LOGONSERVER=\\SFO01642
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RR=C:\Program Files\Lenovo\Rescue and Recovery
SESSIONNAME=Console
SWSHARE=C:\SWSHARE
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MArap\LOCALS~1\Temp
TMP=C:\DOCUME~1\MArap\LOCALS~1\Temp
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24
USERDOMAIN=SFO01642
USERNAME=MArap
USERPROFILE=C:\Documents and Settings\MArap
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
MArap (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\WINDOWS\ie7updates\KB928089\spuninst\spuninst.exe"
--> "C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
--> "C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
--> "C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
--> "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
--> "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Reader Chinese Traditional Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2448-0000-705000000001}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Lenovo Memory Monitor --> "C:\Program Files\IBM\acp\ERTS0928\ERTS0928.exe" -uninstall
McAfee AntiSpyware Enterprise Module --> "C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mocha W32 TN5250 --> C:\WINDOWS\mtn5250uninstall.exe
Mouse Suite --> PMUninst.exe MouseSuite98
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rescue and Recovery --> MsiExec.exe /I{7726CF62-7B45-4E6D-9266-615346816BCA}
Rescue and Recovery Critical Patch for Windows Update (KB917422) --> MsiExec.exe /X{83E5061B-A69A-46AD-A780-1DA6569FF283}
Revo Uninstaller 1.50 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
Wallpapers --> MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type704 / Error
Event Submitted/Written: 05/23/2008 00:51:39 PM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script C:\DOCUME~1\MArap\LOCALS~1\Temp\Rar$EX00.297\xp.cmd. The system cannot find the file specified.
.
Event Record #/Type701 / Error
Event Submitted/Written: 05/23/2008 00:44:04 PM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script C:\DOCUME~1\MArap\LOCALS~1\Temp\Rar$EX00.297\xp.cmd. The system cannot find the file specified.
.
Event Record #/Type697 / Error
Event Submitted/Written: 05/23/2008 00:38:31 PM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script C:\DOCUME~1\MArap\LOCALS~1\Temp\Rar$EX00.297\xp.cmd. The system cannot find the file specified.
.
Event Record #/Type693 / Error
Event Submitted/Written: 05/22/2008 01:56:41 PM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script C:\DOCUME~1\MArap\LOCALS~1\Temp\Rar$EX00.297\xp.cmd. The system cannot find the file specified.
.
Event Record #/Type686 / Error
Event Submitted/Written: 05/20/2008 03:05:21 AM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script C:\DOCUME~1\MArap\LOCALS~1\Temp\Rar$EX00.297\xp.cmd. The system cannot find the file specified.
.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type1224 / Error
Event Submitted/Written: 05/27/2008 08:16:30 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
SASKUTIL
Event Record #/Type1223 / Error
Event Submitted/Written: 05/27/2008 08:16:30 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
%%1068
Event Record #/Type1222 / Error
Event Submitted/Written: 05/27/2008 08:16:30 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058
Event Record #/Type1220 / Warning
Event Submitted/Written: 05/27/2008 08:14:19 AM / 05/27/2008 08:14:47 AM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Event Record #/Type1215 / Warning
Event Submitted/Written: 05/23/2008 00:51:41 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
-- End of Deckard's System Scanner: finished at 2008-05-27 08:17:20 ------------
Deckard's System Scanner v20071014.68
Run by MArap on 2008-05-27 08:15:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-05-27 15:15:48 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).
-- HijackThis (run as MArap.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:49 AM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\MArap\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MArap.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/magicbox.jasusa.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {1D277B1C-F326-48A7-985C-ED6B1D94F0B1} - C:\WINDOWS\system32\hgGxutSi.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/acce ... /AcpIR.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre ... 586-jc.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} (acpRunner Class) - https://www-307.ibm.com/pc/support/acce ... ontrol.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
--
End of file - 5408 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 EGATHDRV (IBM Access Support) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 smi2 - c:\program files\smi2\smi2.sys <Not Verified; IBM Corp.; TVT SMI Bios driver>
R2 tvtfilter - c:\windows\system32\drivers\tvtfilter.sys <Not Verified; Lenovo; Rescue and Recovery>
S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys (file missing)
S3 AEAudio (AE Audio Service) - c:\windows\system32\drivers\aeaudio.sys (file missing)
S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys (file missing)
S3 SenFiltService (SenFilt Service) - c:\windows\system32\drivers\senfilt.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 tvtnetwk - c:\program files\lenovo\rescue and recovery\adm\iuservice.exe
S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-16 17:15:00 390 --a----c- C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2008-04-27 and 2008-05-27 -----------------------------
2008-05-23 12:51:38 0 dr-h----- C:\Documents and Settings\MArap\Recent
2008-05-23 12:34:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-20 06:01:25 0 d-------- C:\Program Files\Trend Micro
2008-05-19 12:46:02 0 d-------- C:\Documents and Settings\MArap\Application Data\AVGTOOLBAR
2008-05-19 09:29:12 0 d--hs---- C:\WINDOWS\CSC
2008-05-19 09:26:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-16 14:46:54 898805 --ahs---- C:\WINDOWS\system32\rAHilnnn.ini2
2008-05-14 09:28:40 1092595 --ahs---- C:\WINDOWS\system32\qAdfLUtv.ini2
2008-05-14 08:24:43 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-14 08:24:26 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-14 08:24:25 0 d-------- C:\Documents and Settings\MArap\Application Data\SUPERAntiSpyware.com
2008-05-13 15:20:40 0 d-------- C:\Documents and Settings\MArap\Application Data\TmpRecentIcons
2008-05-13 13:58:01 1079574 --ahs---- C:\WINDOWS\system32\iStuxGgh.ini2
2008-05-13 13:57:16 2032664576 --ah----- C:\EVREM
2008-05-13 13:52:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-13 13:52:08 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-12 10:26:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-08 09:22:17 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-02 09:06:57 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-02 09:06:49 0 d-------- C:\Program Files\Windows Live
2008-05-02 09:06:33 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-01 16:10:01 0 d-------- C:\WINDOWS\system32\Adobe
-- Find3M Report ---------------------------------------------------------------
2008-05-23 12:31:59 0 d-a------ C:\Program Files\Common Files
2008-05-19 12:20:24 0 d-a------ C:\Documents and Settings\MArap\Application Data\Macromedia
2008-05-19 12:12:18 0 d-a------ C:\Program Files\IrfanView
2008-05-19 12:05:58 0 d-------- C:\Program Files\VS Revo Group
2008-05-16 14:48:48 0 d-a------ C:\Program Files\Java
2008-05-16 14:26:23 0 d-------- C:\Documents and Settings\MArap\Application Data\Move Networks
2008-05-16 14:13:38 0 d-a------ C:\Program Files\Yahoo!
2008-05-16 13:57:22 0 d-------- C:\Program Files\Anti Tracks
2008-05-13 13:41:09 0 d-------- C:\Documents and Settings\MArap\Application Data\Skype
2008-05-13 08:02:04 0 d-------- C:\Documents and Settings\MArap\Application Data\skypePM
2008-05-12 10:24:37 0 d-------- C:\Documents and Settings\MArap\Application Data\AdobeUM
2008-05-08 09:22:05 0 d-a------ C:\Program Files\Common Files\Real
2008-05-05 08:24:20 0 d-a------ C:\Documents and Settings\MArap\Application Data\Real
2008-04-15 08:35:31 0 d-a------ C:\Documents and Settings\MArap\Application Data\Adobe
2008-03-28 17:42:26 0 d-------- C:\Documents and Settings\MArap\Application Data\U3
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D277B1C-F326-48A7-985C-ED6B1D94F0B1}]
C:\WINDOWS\system32\hgGxutSi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/07/2005 06:07 PM C:\WINDOWS\system32\HdAShCut.exe]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [07/10/2007 04:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/08/2008 09:21 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [11/17/2006 02:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDevMgrPage"=0 (0x0)
"NoConfigPage"=0 (0x0)
"NoVirtMemPage"=0 (0x0)
"NoFileSysPage"=0 (0x0)
"NoNetSetup"=0 (0x0)
"NoNetSetupIDPage"=0 (0x0)
"NoNetSetupSecurityPage"=0 (0x0)
"NoWorkgroupContents"=0 (0x0)
"NoEntireNetwork"=0 (0x0)
"NoFileSharingControl"=0 (0x0)
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)
"NoFolderOptions"=00000000
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"NoThumbnailCache"=1 (0x1)
"NoFolderOptions"=00000000
"RestrictRun"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoFind"=0 (0x0)
"NoClose"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoStartBanner"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnliHAr
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3468622563-1000922078-4086516486-1005\Scripts\Logoff\0\0]
"Script"=C:\DOCUME~1\MArap\LOCALS~1\Temp\Rar$EX00.297\xp.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
-- Hosts -----------------------------------------------------------------------
127.0.0.1 000freexxx.com
127.0.0.1 100.6.87.194.dynamic.dol.ru
127.0.0.1 1000stars.ru
127.0.0.1 101.6.87.194.dynamic.dol.ru
127.0.0.1 123adult.com
127.0.0.1 123banners.com
127.0.0.1 123counter.mycomputer.com
127.0.0.1 123counter.superstats.com
127.0.0.1 123go.com
127.0.0.1 124.6.87.194.dynamic.dol.ru
986 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-05-27 08:17:20 ------------
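Editor's note: the log above carries several indicators a responder would pull out by hand: a nameless O2 BHO whose DLL has a random mixed-case name under system32 (hgGxutSi.dll), hidden+system .ini2 files with the same naming pattern in system32, DisableTaskMgr set to 1 under the user's policies key, an extra entry appended to the LSA "Authentication Packages" value (nnnliHAr), and a group-policy logoff script pointing into the user's Temp folder. The script below is an added example (not part of the original post, and not DSS or HijackThis code) that runs those checks over a DSS/HijackThis text log. The regexes, the finding categories, the "random name" heuristic and the SAMPLE_LOG excerpt are this example's own assumptions; the excerpt is constructed from lines copied out of the post so the script runs offline.

```python
"""Triage helper for DSS / HijackThis text logs.

Added example, not part of the original post or of the DSS/HijackThis tools.
The line formats matched below are assumed from the log as posted, not taken
from a format specification; adjust the patterns for other tool versions.
"""
import ntpath
import re
from typing import List, Tuple

# Constructed excerpt: lines copied from the posted log so the example runs offline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1D277B1C-F326-48A7-985C-ED6B1D94F0B1} - C:\WINDOWS\system32\hgGxutSi.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
2008-05-16 14:46:54 898805 --ahs---- C:\WINDOWS\system32\rAHilnnn.ini2
2008-05-14 09:28:40 1092595 --ahs---- C:\WINDOWS\system32\qAdfLUtv.ini2
2008-05-13 13:52:08 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
"DisableTaskMgr"=1 (0x1)
"NoFolderOptions"=00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnliHAr
"Script"=C:\DOCUME~1\MArap\LOCALS~1\Temp\Rar$EX00.297\xp.cmd
"""

Finding = Tuple[str, str]  # (category, detail)

# Heuristic (assumption): eight letters in mixed case with no digits, as in hgGxutSi / nnnliHAr.
RANDOM_NAME = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z]{8}$")
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+?)"
    r"(?: \((?:no file|file missing)\))?$"
)
# DSS file listing: date time size attrs path [<Not Verified; ...>]
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+(?P<attr>[-a-z]{9})\s+(?P<path>.+?)(?:\s+<[^>]*>)?\s*$"
)
POLICY_RE = re.compile(r'^"(?P<name>DisableTaskMgr|DisableRegistryTools|NoFolderOptions)"=(?P<val>\S+)')
LSA_RE = re.compile(r'^"Authentication Packages"=\s*(?P<val>.+?)\s*$')
SCRIPT_RE = re.compile(r'^"Script"=(?P<path>.+?)\s*$')


def _in_system32(path: str) -> bool:
    """True when the file sits directly under a \\system32\\ directory."""
    return re.search(r"\\system32\\[^\\]+$", path, re.I) is not None


def _random_stem(path: str) -> bool:
    """Apply the mixed-case random-name heuristic to the file name without extension."""
    stem, _ = ntpath.splitext(ntpath.basename(path))  # ntpath handles backslashes on any OS
    return RANDOM_NAME.match(stem) is not None


def _reg_int(val: str) -> int:
    """Parse a DSS registry value such as '1', '00000000' or '0x1'."""
    val = val.strip()
    return int(val, 16) if val.lower().startswith("0x") else int(val, 10)


def triage(log_text: str) -> List[Finding]:
    """Return (category, detail) findings for the indicator classes seen in the log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            path = m.group("path")
            # Nameless BHOs, or BHO DLLs with a random name in system32, are worth a look.
            if m.group("name") == "(no name)" or (_in_system32(path) and _random_stem(path)):
                findings.append(("bho", path))
            continue
        m = FILE_RE.match(line)
        if m:
            attr, path = m.group("attr"), m.group("path")
            # Files (not directories) that are hidden and system-flagged inside system32.
            if not attr.startswith("d") and "h" in attr and "s" in attr and _in_system32(path):
                findings.append(("hidden_system_file", path))
            continue
        m = POLICY_RE.match(line)
        if m and _reg_int(m.group("val")) != 0:
            findings.append(("policy", f"{m.group('name')}={m.group('val')}"))
            continue
        m = LSA_RE.match(line)
        if m:
            # msv1_0 is the stock package on XP; anything appended to it is suspect.
            for pkg in m.group("val").split():
                if pkg.lower() != "msv1_0":
                    findings.append(("lsa_auth_package", pkg))
            continue
        m = SCRIPT_RE.match(line)
        if m and re.search(r"\\temp\\|locals~1", m.group("path"), re.I):
            findings.append(("logon_script", m.group("path")))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20s} {detail}")
```

To use it on the full post, paste both logs into a file and call `triage(open(path).read())`; the categories map straight onto the registry keys and directories a responder would inspect next. The heuristics are deliberately loose (a legitimately uninstalled BHO with "(file missing)" and a proper name is not flagged, but any "(no name)" entry is), so treat the output as a worklist rather than a verdict.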