AVG popped up during the scan and alerted me of a trojan horse. I attached the screenshot.
Deckard's System Scanner v20071014.68
Run by Andrew on 2008-03-07 07:54:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
163: 2008-03-07 13:54:45 UTC - RP163 - Deckard's System Scanner Restore Point
162: 2008-03-06 18:38:24 UTC - RP162 - System Checkpoint
161: 2008-03-05 18:26:10 UTC - RP161 - System Checkpoint
160: 2008-03-04 14:49:45 UTC - RP160 - System Checkpoint
159: 2008-02-28 15:10:45 UTC - RP159 - System Checkpoint
-- First Restore Point --
1: 2007-12-10 22:44:49 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Andrew.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:52 AM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Xfire\xfire.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Andrew\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Andrew.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: TELUS Desktop Calendar.lnk = C:\Program Files\TELUS Desktop Calendar\TELUS_Desktop_Calendar.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 10387 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Wireless Service; ANIWZCS2 Service Launcher (NT)>
S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_81C01043&REV_A3\3&2411E6FE&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_81C01043&REV_A3\3&2411E6FE&0&51
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_816A1043&REV_A3\3&2411E6FE&0&A0
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_816A1043&REV_A3\3&2411E6FE&0&A0
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-03-04 11:19:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-02-07 and 2008-03-07 -----------------------------
2008-03-07 07:37:18 0 d-------- C:\Documents and Settings\Andrew\Application Data\skypePM
2008-03-07 07:37:18 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-07 07:35:12 0 d-------- C:\Documents and Settings\Andrew\Application Data\Skype
2008-03-07 07:35:06 0 d-------- C:\Program Files\Skype
2008-03-07 07:35:05 0 d-------- C:\Program Files\Common Files\Skype
2008-03-07 07:34:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-03-05 22:13:57 0 d-------- C:\Documents and Settings\Andrew\Application Data\Malwarebytes
2008-03-05 22:13:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-05 22:13:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-26 22:46:51 0 d-------- C:\Program Files\TELUS Desktop Calendar
2008-02-26 22:46:06 201728 --a------ C:\WINDOWS\system32\TELUS 2008 Nature.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-02-26 22:46:06 0 d-------- C:\WINDOWS\system32\TELUS 2008 Nature dir
2008-02-26 18:13:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-21 08:04:58 0 d-------- C:\Documents and Settings\Andrew\Application Data\Nero
2008-02-21 08:04:22 368640 --a------ C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corporation; TwnLib4 - TwainPRO v4.0 - Utility Library>
2008-02-21 08:04:22 802816 --a------ C:\WINDOWS\system32\imagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-21 08:04:22 258048 --a------ C:\WINDOWS\system32\imagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-21 08:04:21 1757184 --a------ C:\WINDOWS\system32\imagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-21 08:04:20 0 d-------- C:\Program Files\Nero
2008-02-21 08:04:20 0 d-------- C:\Program Files\Common Files\Nero
2008-02-21 08:04:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-20 20:14:01 77 --a------ C:\WINDOWS\system32\winitn.dll
2008-02-20 20:13:59 2535424 --a------ C:\WINDOWS\system32\agsaamj.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2008-02-20 20:13:59 90112 --a------ C:\WINDOWS\system32\agsaami.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
2008-02-20 20:13:59 610304 --a------ C:\WINDOWS\system32\agsaamg.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFile3 Module>
2008-02-20 20:13:58 372736 --a------ C:\WINDOWS\system32\agsaamc.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFileWMA3 Module>
2008-02-20 20:13:58 53760 --a------ C:\WINDOWS\system\ppacklib.dll <Not Verified; ; ZLib.DLL>
2008-02-20 20:13:51 1 --a------ C:\WINDOWS\sslzdlt.dll
2008-02-20 20:13:50 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-02-20 20:13:48 0 d-------- C:\Program Files\AML Products
2008-02-17 08:36:38 0 d-------- C:\Program Files\BitPim
2008-02-14 20:41:44 0 d-------- C:\logs
2008-02-12 18:08:11 0 d-------- C:\Program Files\Avanquest update
2008-02-12 18:06:29 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-02-12 18:06:21 0 d-------- C:\Program Files\Motorola Phone Tools
2008-02-12 18:06:21 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-02-07 22:20:36 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-02-07 22:20:35 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-02-07 22:20:33 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
-- Find3M Report ---------------------------------------------------------------
2008-03-07 07:52:43 0 d-------- C:\Documents and Settings\Andrew\Application Data\SiteAdvisor
2008-03-07 07:35:05 0 d-------- C:\Program Files\Common Files
2008-03-05 22:22:54 0 d-------- C:\Program Files\Xfire
2008-03-05 19:39:03 0 d-------- C:\Program Files\Steam
2008-03-04 22:42:26 0 d-------- C:\Program Files\FlashGet
2008-03-03 23:29:37 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-02-27 21:37:23 0 d-------- C:\Documents and Settings\Andrew\Application Data\LimeWire
2008-02-26 07:33:19 0 d-------- C:\Documents and Settings\Andrew\Application Data\Xfire
2008-02-20 20:50:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-19 21:20:45 0 d-------- C:\Documents and Settings\Andrew\Application Data\Google
2008-02-19 21:20:14 0 d-------- C:\Program Files\Google
2008-02-18 13:47:03 0 d-------- C:\Documents and Settings\Andrew\Application Data\GSC
2008-02-13 21:30:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-12 18:08:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-09 19:31:18 36104 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-02-09 19:31:18 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-02-09 09:08:35 0 d-------- C:\Documents and Settings\Andrew\Application Data\Azureus
2008-02-08 22:30:46 0 d-------- C:\Program Files\Bus-Simulator 2008
2008-02-06 19:48:27 0 d-------- C:\Program Files\Web Publish
2008-02-04 19:44:29 0 d-------- C:\Program Files\GSC
2008-02-01 20:31:00 0 d-------- C:\Program Files\WarRock
2008-01-29 21:21:44 0 d-------- C:\Program Files\World of Warcraft
2008-01-29 17:48:04 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-22 17:24:59 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-01-22 16:20:09 0 d-------- C:\Program Files\Activision
2008-01-21 19:03:25 0 d-------- C:\Documents and Settings\Andrew\Application Data\Adobe
2008-01-21 17:58:53 0 d-------- C:\Program Files\Common Files\Acronis
2008-01-21 17:58:51 0 d-------- C:\Program Files\Acronis
2008-01-21 17:55:27 0 d-------- C:\Documents and Settings\Andrew\Application Data\Help
2008-01-21 17:54:45 0 d-------- C:\Program Files\Symantec
2008-01-21 15:55:33 0 d-------- C:\Documents and Settings\Andrew\Application Data\InternetCalls
2008-01-20 23:29:19 0 d-------- C:\Program Files\PeerGuardian2
2008-01-19 18:12:29 0 d-------- C:\Documents and Settings\Andrew\Application Data\teamspeak2
2008-01-19 18:12:28 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-01-19 18:00:27 0 d-------- C:\Program Files\Ahead
2008-01-18 21:15:03 0 d-------- C:\Documents and Settings\Andrew\Application Data\Ventrilo
2008-01-18 21:14:34 0 d-------- C:\Program Files\Ventrilo
2008-01-18 07:50:59 0 d-------- C:\Documents and Settings\Andrew\Application Data\Apple Computer
2008-01-17 07:57:15 0 d-------- C:\Program Files\Sierra
2008-01-16 17:06:27 0 d-------- C:\Program Files\iTunes
2008-01-16 17:06:16 0 d-------- C:\Program Files\iPod
2008-01-16 17:05:20 0 d-------- C:\Program Files\QuickTime
2008-01-13 22:36:04 0 d-------- C:\Program Files\MSXML 6.0
2008-01-13 19:50:32 0 d-------- C:\Program Files\Starcraft
2008-01-13 14:08:17 0 d-------- C:\Program Files\Bonjour
2008-01-13 14:00:31 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-12 22:28:20 0 d-------- C:\Program Files\COMODO
2008-01-12 22:28:20 0 d-------- C:\Documents and Settings\Andrew\Application Data\Comodo
2008-01-12 18:36:12 0 d-------- C:\Documents and Settings\Andrew\Application Data\SUPERAntiSpyware.com
2008-01-12 17:48:13 0 d-------- C:\Documents and Settings\Andrew\Application Data\CyberLink
2008-01-12 17:47:29 0 d-------- C:\Program Files\CyberLink
2008-01-12 16:48:27 0 d-------- C:\Program Files\Vstplugins
2008-01-12 16:48:09 0 d-------- C:\Program Files\Sony
2008-01-12 16:46:19 0 d-------- C:\Program Files\MSBuild
2008-01-12 16:43:04 0 d-------- C:\Program Files\Reference Assemblies
2008-01-12 12:44:31 0 d-------- C:\Documents and Settings\Andrew\Application Data\FileZilla
2008-01-12 11:30:58 0 d-------- C:\Program Files\FileZilla Client
2008-01-12 11:23:46 0 d-------- C:\Documents and Settings\Andrew\Application Data\SmartFTP
2008-01-12 11:23:36 0 d-------- C:\Program Files\SmartFTP Client
2008-01-11 12:53:11 0 d-------- C:\Program Files\Army Operations
2008-01-11 12:19:16 0 d-------- C:\Program Files\GameSpy Arcade
2008-01-11 11:54:50 0 d-------- C:\Documents and Settings\Andrew\Application Data\GetRightToGo
2008-01-11 11:48:02 0 d-------- C:\Documents and Settings\Andrew\Application Data\Opera
2008-01-11 11:47:56 0 d-------- C:\Program Files\Opera
2008-01-10 08:22:14 0 d-------- C:\Program Files\Stardock
2008-01-08 15:51:21 34807 --a------ C:\WINDOWS\scunin.dat
2008-01-08 15:51:20 967 --a------ C:\WINDOWS\ScUnin.pif
2008-01-08 15:51:20 70656 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-01-07 20:50:20 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-07 18:11:08 61 ---hs---- C:\WINDOWS\cnerolf.dat
2008-01-07 18:07:58 0 d-------- C:\Program Files\vasfmc
2008-01-07 18:06:19 0 d-------- C:\Program Files\SquawkBox3
2008-01-07 08:06:07 552 --a------ C:\Documents and Settings\Andrew\Application Data\AutoGK.ini
2008-01-06 17:47:51 43602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-01-02 18:21:05 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-01 18:41:11 616 --a------ C:\WINDOWS\eReg.dat
2007-12-30 11:10:32 34308 --a------ C:\BASSMOD.DLL
2007-12-30 11:02:11 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-12-27 18:26:10 2195 --a------ C:\WINDOWS\mozver.dat
2007-12-27 10:21:25 16 --a------ C:\WINDOWS\bnsacomm64_c.dll
2007-12-26 20:34:04 38400 --a------ C:\WINDOWS\31838.exe
2007-12-24 22:10:03 34 --a------ C:\Documents and Settings\Andrew\Application Data\pcouffin.log
2007-12-24 22:09:56 47360 --a------ C:\Documents and Settings\Andrew\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-24 22:09:56 1144 --a------ C:\Documents and Settings\Andrew\Application Data\pcouffin.inf
2007-12-24 22:09:56 7887 --a------ C:\Documents and Settings\Andrew\Application Data\pcouffin.cat
2007-12-19 08:55:16 659456 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-19 08:54:55 51 --a------ C:\WINDOWS\NOT FOUND
2007-12-10 17:40:15 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-10 16:37:16 0 -rahs---- C:\MSDOS.SYS
2007-12-10 16:37:16 0 -rahs---- C:\IO.SYS
2007-12-10 16:37:16 0 --a------ C:\CONFIG.SYS
2007-12-10 16:37:16 0 --a------ C:\AUTOEXEC.BAT
2007-12-10 16:34:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-10 10:27:43 62 --ahs---- C:\Documents and Settings\Andrew\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 05:14 PM]
"nwiz"="nwiz.exe" [10/04/2007 05:14 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/04/2007 05:14 PM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/27/2004 03:21 PM C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 09:34 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 07:12 AM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 11:19 AM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 03:22 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"D-Link Wireless G WUA-1340"="C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [08/27/2007 04:25 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [01/19/2007 11:49 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/21/2007 09:57 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2007 09:16 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [07/09/2001 04:50 AM]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [02/22/2007 07:53 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/06/2007 06:06 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/26/2008 05:43 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]
C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2/20/2008 7:57:28 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/21/2008 7:02:06 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [1/26/2008 5:43:19 PM]
TELUS Desktop Calendar.lnk - C:\Program Files\TELUS Desktop Calendar\TELUS_Desktop_Calendar.exe [11/12/2007 6:10:10 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 01/10/2008 08:23 AM 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
-- End of Deckard's System Scanner: finished at 2008-03-07 07:57:38 ------------