Deckard's System Scanner v20070426.43
Run by Owner on 2007-05-25 at 17:06:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
29: 2007-05-26 03:07:03 UTC - RP211 - Deckard's System Scanner Restore Point
28: 2007-05-26 03:04:53 UTC - RP210 - Configured VirusBuster Personal 2006
27: 2007-05-25 03:40:14 UTC - RP209 - Software Distribution Service 2.0
26: 2007-05-24 13:04:47 UTC - RP208 - Software Distribution Service 2.0
25: 2007-05-24 02:17:07 UTC - RP207 - Installed Windows Internet Explorer 7.
-- First Restore Point --
1: 2007-05-09 05:57:14 UTC - RP183 - Removed AVG 7.5
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:08:32 PM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner.CHRISTOPHER.000\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6184379593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6183074000
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R4 VBEngNT - c:\windows\system32\drivers\vbengnt.sys (file missing)
R4 VBFilter - c:\windows\system32\drivers\vbfilter.sys (file missing)
R4 VBRec - c:\windows\system32\drivers\vbrec.sys (file missing)
R4 VBShld - c:\windows\system32\drivers\vbshld.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
S2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
S2 sdAuxService (Spyware Doctor Auxiliary Service) - c:\program files\spyware doctor\svcntaux.exe (file missing)
S2 sdCoreService (Spyware Doctor Service) - c:\program files\spyware doctor\swdsvc.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Scheduled Tasks -------------------------------------------------------------
2007-05-25 06:39:55 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-05-25 06:16:49 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
2007-05-24 21:28:26 266 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-05-21 18:00:00 542 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - Mom.job
2007-05-18 20:00:00 548 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job
2007-05-04 19:56:53 384 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
-- Files created between 2007-04-25 and 2007-05-25 -----------------------------
2007-05-24 21:41:59 0 d-------- C:\Downloads
2007-05-24 21:41:59 0 d-------- C:\Bases
2007-05-24 21:39:23 0 d-------- C:\Kaspersky
2007-05-24 21:24:22 66048 --a------ C:\WINDOWS\ieResetIcons.exe <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-05-23 22:26:34 0 dr-h----- C:\Documents and Settings\Owner.CHRISTOPHER.000\Recent
2007-05-23 16:29:23 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Google
2007-05-23 16:18:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-05-23 16:18:21 0 d-------- C:\Program Files\Google
2007-05-22 18:09:45 0 d-------- C:\WINDOWS\system32\embedded
2007-05-20 17:56:40 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-05-20 17:55:49 0 d-------- C:\Program Files\Realtek AC97
2007-05-20 17:55:41 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2007-05-20 17:47:03 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2007-05-20 17:47:02 0 d-------- C:\Program Files\Belarc
2007-05-20 13:56:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2007-05-20 13:50:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-05-20 13:50:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-05-20 13:50:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-05-20 13:50:35 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-05-20 13:50:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-05-20 13:50:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-05-20 13:50:34 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-05-20 13:50:34 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-05-20 13:50:34 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-05-20 13:50:34 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-05-20 13:50:34 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-05-20 13:50:34 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-05-20 13:50:34 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-05-20 13:50:34 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-05-20 13:50:34 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-05-20 13:50:34 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-05-20 13:50:34 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-05-20 13:50:34 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-05-20 13:50:34 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-05-20 13:50:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-05-20 13:50:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-05-20 13:50:33 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-05-20 08:51:36 0 d-------- C:\Program Files\VirusBuster
2007-05-20 00:07:16 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\.DownloadManager
2007-05-19 15:16:49 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\AVG7
2007-05-19 15:16:38 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-05-19 15:16:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-05-17 17:28:52 0 d-------- C:\Program Files\Bonjour
2007-05-12 15:54:57 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-05-12 10:57:38 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\SystemRequirementsLab
2007-05-08 20:13:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-05-06 20:55:43 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\PC Tools
2007-05-05 21:51:44 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Share-to-Web Upload Folder
2007-05-05 21:44:48 0 d-------- C:\WINDOWS\system32\NtmsData
2007-05-05 15:56:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-05-05 15:51:29 0 dr-h----- C:\MSOCache
2007-05-05 15:34:43 0 d-------- C:\Program Files\Microsoft SQL Server
2007-05-04 19:56:58 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Uniblue
2007-05-04 19:56:33 0 d-------- C:\Program Files\Uniblue
2007-05-04 18:28:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Nexon
2007-05-04 17:31:49 0 d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2007-05-03 22:11:39 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-05-03 18:47:12 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Corel
2007-05-03 18:38:52 0 d-------- C:\Program Files\WordPerfect Mail
2007-05-03 18:37:57 0 d-------- C:\Program Files\Common Files\Corel
2007-05-03 18:37:57 0 d-------- C:\Program Files\Common Files\Borland Shared
2007-05-03 18:37:56 0 d-------- C:\Program Files\WordPerfect Office X3
2007-05-03 06:34:08 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\wpmail-log
2007-05-02 22:32:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Borland
2007-05-02 22:32:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2007-05-02 22:29:20 8 -r-hs---- C:\WINDOWS\system32\EBD7EF69F5.sys
2007-05-02 22:29:19 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-02 22:27:47 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\InstallShield
2007-05-02 19:09:55 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-01 21:39:32 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Aim
2007-05-01 21:38:37 0 d-------- C:\Program Files\AOD
2007-05-01 21:38:21 0 d-------- C:\Program Files\AIM
2007-05-01 12:30:41 512 --a------ C:\ScanSectorLog.dat
2007-04-29 13:11:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-04-29 13:00:14 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\LimeWire
2007-04-27 20:21:00 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-27 20:20:45 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-04-27 20:19:33 0 d-------- C:\WINDOWS\Internet Logs
-- Find3M Report ---------------------------------------------------------------
2007-05-25 17:05:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-20 17:14:49 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Adobe
2007-05-20 10:41:34 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-13 18:45:05 0 d-------- C:\Program Files\Lavasoft
2007-05-08 20:23:20 0 d-------- C:\Program Files\IntelliMover Data Transfer Demo
2007-05-06 13:11:22 1222 --a------ C:\WINDOWS\checkip.dat
2007-05-05 16:04:24 0 d-------- C:\Program Files\Microsoft Works
2007-05-05 15:56:24 0 d-------- C:\Program Files\Microsoft.NET
2007-05-04 20:15:22 0 d-------- C:\Program Files\Movie Maker
2007-05-04 20:15:22 0 d-------- C:\Program Files\Messenger
2007-05-04 20:15:22 0 d-------- C:\Program Files\LimeWire
2007-04-30 21:18:06 0 d-------- C:\Program Files\Incomplete
2007-04-27 19:54:11 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-04-22 12:05:58 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\WinRAR
2007-04-22 09:30:53 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\interMute
2007-04-21 17:50:53 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Apple Computer
2007-04-21 16:57:32 111 --ah----- C:\sys24596.bin
2007-04-21 15:22:53 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\MonkeyJam
2007-04-21 14:44:27 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Mozilla
2007-04-21 14:44:23 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Thunderbird
2007-04-20 22:05:56 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Help
2007-04-20 21:29:15 0 d-------- C:\Program Files\Canon
2007-04-16 15:10:03 0 d-------- C:\Program Files\CCleaner
2007-04-15 16:07:04 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-04-14 16:22:19 3889 --a------ C:\WINDOWS\viassary-hp.reg
2007-04-14 10:02:38 1840 --a------ C:\WINDOWS\mozver.dat
2007-04-14 08:51:53 0 d-------- C:\Program Files\Windows NT
2007-04-14 00:37:05 0 d-------- C:\Program Files\MSBuild
2007-04-14 00:29:27 0 d-------- C:\Program Files\Reference Assemblies
2007-04-14 00:09:45 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Template
2007-04-11 21:15:58 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Viewpoint
2007-04-11 18:35:43 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Talkback
2007-04-11 17:35:45 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-04-11 10:40:55 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\AdobeUM
2007-04-10 21:08:27 0 d-------- C:\Program Files\Common Files\Real
2007-04-10 20:07:58 0 d-------- C:\Program Files\Common Files\logishrd
2007-04-10 20:03:52 0 d-------- C:\Program Files\Logitech
2007-04-10 19:01:01 0 d-------- C:\Program Files\Windows Defender
2007-04-10 18:43:51 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Lavasoft
2007-04-10 18:32:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-09 20:52:42 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\Macromedia
2007-04-09 20:08:56 0 d-------- C:\Documents and Settings\Owner.CHRISTOPHER.000\Application Data\acccore
2007-04-09 19:53:17 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-09 16:41:22 0 d-------- C:\Program Files\Yahoo!
2007-04-08 21:39:50 0 d-------- C:\Program Files\Windows Media Connect 2
2007-03-31 23:03:31 0 d-------- C:\Program Files\directx
2007-03-31 23:02:55 0 d-------- C:\Program Files\WordSmart
2007-03-31 22:58:35 0 d-------- C:\Program Files\SATMath
2007-03-22 20:25:02 124928 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"="C:\\Program Files\\Common Files\\logishrd\\WUApp32.exe -v 0x046d -p 0x08c1 -f video -m logitech -d 10.5.1.2023"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\OneCareMP
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"item"="Adobe Reader Synchronizer"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
"backup"="C:\\WINDOWS\\pss\\Compaq Connections.lnkCommon Startup"
"location"="Common Startup"
"item"="Compaq Connections"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Scheduled Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Scheduled Updates.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Quicken\\bagent.exe "
"item"="Quicken Scheduled Updates"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^spywaredoctor.lnk]
"backup"="C:\\WINDOWS\\pss\\spywaredoctor.lnkCommon Startup"
"location"="Common Startup"
"item"="spywaredoctor"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner.CHRISTOPHER.000^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner.CHRISTOPHER.000^Start Menu^Programs^Startup^Organize.lnk]
"backup"="C:\\WINDOWS\\pss\\Organize.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\COMPAQ~1\\bin\\DISPLA~1.EXE \"-application\" \"core.hp.main/application.xml\" \"-appname\" \"eLife\""
"item"="Organize"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner.CHRISTOPHER.000^Start Menu^Programs^Startup^spamsubtract.lnk]
"backup"="C:\\WINDOWS\\pss\\spamsubtract.lnkStartup"
"location"="Startup"
"item"="spamsubtract"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCXMNTR"
"hkey"="HKLM"
"command"="ALCXMNTR.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avp"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphupd05"
"hkey"="HKLM"
"command"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\windows\\system\\hpsysdrv.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CfgWiz"
"hkey"="HKLM"
"command"="c:\\Program Files\\Common Files\\Symantec Shared\\CfgWiz.exe /GUID NAV /CMDLINE \"REBOOT\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winssnotify"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QFSCHD130"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WordPerfect Office X3\\Programs\\QFSCHD130.EXE\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTrayApp"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpeedUpMyPC"
"hkey"="HKCU"
"command"="C:\\Program Files\\Uniblue\\SpeedUpMyPC\\SpeedUpMyPC.exe -s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sgtray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTTimer"
"hkey"="HKLM"
"command"="VTTimer.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09263bde-e70b-11db-97db-806d6172696f}]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480
-- End of Deckard's System Scanner: finished at 2007-05-25 at 17:09:37 ---------