Main.txt
Deckard's System Scanner v20071014.68
Run by Travis Evans on 2008-06-04 18:55:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
5: 2008-06-04 22:55:39 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-06-04 17:03:23 UTC - RP4 - System Checkpoint
3: 2008-06-02 13:27:40 UTC - RP3 - System Checkpoint
2: 2008-05-29 00:24:37 UTC - RP2 - ComboFix created restore point
1: 2008-05-29 00:23:41 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 447 MiB (512 MiB recommended).
System Drive C: has 2.82 GiB (less than 15%) free.
-- HijackThis (run as Travis Evans.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:58:59 PM, on 06/04/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\iPod\bin\iPodSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Avvenu\Avvenu_agent.exe
C:\Program Files\Avvenu\Avvenu_updater.exe
C:\Program Files\Avvenu\Avvenu_cachescheduler.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Documents and Settings\Travis Evans\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Travis Evans.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamecockcentral.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [SetupType] Portable
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Avvenu Update] C:\Program Files\Avvenu\Avvenu_updater.exe
O4 - HKLM\..\Run: [Avvenu Access n Share Update] "C:\Program Files\Avvenu\Avvenu_updater.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Avvenu Connector.lnk = C:\Program Files\Avvenu\Avvenu_agent.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\Program Files\BellSouth\Communications Suite\BstMessenger.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} (ICWMInstallObj Class) - https://web.raindance.com/confmgr/insta ... nstall.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/AL ... _2-0-0.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://inotes.cwinsider.com/brchml2/iNotes6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9998266445
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/ins ... utions.cab
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?326
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodSrv - Unknown owner - C:\Program Files\iPod\bin\iPodSrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
--
End of file - 14026 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080528-201404-101 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R2 SprintPort (SprintPort Serial Driver) - c:\program files\sprint\pcs connection manager\sprintport\winport.sys <Not Verified; 3Com; 3Com -- winport.sys>
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
R3 NWADI (NWADI Bus Enumerator) - c:\windows\system32\drivers\nwadienum.sys <Not Verified; Novatel Wireless Inc; NWADI Bus Enumerator>
S1 vcdrom (Virtual CD-ROM Device Driver) - c:\documents and settings\travis evans\desktop\vcdrom.sys (file missing)
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 HPCI (HP Configuration Interface) - c:\windows\system32\drivers\hpci.sys (file missing)
S3 IPSECSHM (Nortel IPSECSHM Adapter) - c:\windows\system32\drivers\ipsecw2k.sys (file missing)
S3 NWUSBModem (Novatel Wireless USB Modem Driver) - c:\windows\system32\drivers\nwusbmdm.sys (file missing)
S3 NWUSBPort (Novatel Wireless USB Status Port Driver) - c:\windows\system32\drivers\nwusbser.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R2 Dcfssvc - c:\windows\system32\drivers\dcfssvc.exe <Not Verified; Eastman Kodak Company; Kodak DC File System Driver (Win32)>
R2 iPodSrv - c:\program files\ipod\bin\ipodsrv.exe <Not Verified; ; iPod service>
R2 OSCM Utility Service - c:\program files\novatel wireless\sprint\sprint pcs connection manager\oscmutilityservice.exe <Not Verified; Sprint Spectrum, L.L.C; OSCM>
S2 AOLService (AOL Spyware Protection Service) - c:\progra~1\common~1\aol\aolspy~1\\aolserv.exe (file missing)
S2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-06-04 18:25:00 374 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-05-29 02:25:10 370 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-25 14:41:31 478 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2008-04-12 11:53:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-05-04 and 2008-06-04 -----------------------------
2008-06-04 13:56:40 0 d-------- C:\Documents and Settings\Travis Evans\Application Data\Malwarebytes
2008-06-04 13:56:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 13:56:03 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-29 15:31:10 438272 --a------ C:\WINDOWS\system32\SkinCrafter.dll <Not Verified; DMSoft Technologies; SkinCrafter Module>
2008-05-29 15:31:09 81920 --a------ C:\WINDOWS\system32\viscomwave.dll <Not Verified; Viscom Software; >
2008-05-29 15:31:09 139264 --a------ C:\WINDOWS\system32\viscomqtde.dll <Not Verified; Viscom Software http://www.viscomsoft.com; >
2008-05-29 15:31:03 0 d-------- C:\Program Files\Aplus Video Converter
2008-05-28 20:38:22 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-05-28 20:23:03 68096 --a------ C:\WINDOWS\zip.exe
2008-05-28 20:23:03 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-28 20:23:03 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-28 20:23:03 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-28 20:23:03 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-28 20:23:03 98816 --a------ C:\WINDOWS\sed.exe
2008-05-28 20:23:03 80412 --a------ C:\WINDOWS\grep.exe
2008-05-28 20:23:03 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-28 20:05:16 0 dr-h----- C:\Documents and Settings\Travis Evans\Recent
2008-05-28 18:13:46 0 d-------- C:\WINDOWS\ERUNT
2008-05-28 17:55:43 0 d-------- C:\Program Files\RogueRemover FREE
2008-05-28 17:12:28 2942 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-28 17:12:02 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-28 17:12:02 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-28 17:12:02 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-28 17:12:02 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-28 17:12:02 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-28 17:12:02 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-28 17:12:02 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-28 17:12:01 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-28 14:40:43 0 d-------- C:\Program Files\Alwil Software
2008-05-28 13:54:44 0 d-------- C:\Program Files\Panda Security
2008-05-28 13:52:09 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-28 13:49:48 0 d-------- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Application Data\Macromedia
2008-05-27 22:27:10 0 d-------- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Application Data\Adobe
2008-05-27 20:28:36 0 d-------- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Application Data\SUPERAntiSpyware.com
2008-05-27 20:28:19 0 d-------- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Application Data\Lavasoft
2008-05-27 20:26:22 0 dr------- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Favorites
2008-05-27 20:26:22 0 d-------- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Desktop
2008-05-27 20:26:22 0 d--hs---- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Cookies
2008-05-27 20:26:22 0 dr-h----- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Application Data
2008-05-27 20:26:22 0 d-------- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Application Data\Symantec
2008-05-27 20:26:22 0 d---s---- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Application Data\Microsoft
2008-05-27 20:26:22 0 d-------- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Application Data\InterTrust
2008-05-27 20:26:22 0 d-------- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Application Data\Identities
2008-05-27 20:26:21 0 d--h----- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Templates
2008-05-27 20:26:21 0 dr------- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Start Menu
2008-05-27 20:26:21 0 dr-h----- C:\Documents and Settings\Administrator.TRAVISLAPTOP\SendTo
2008-05-27 20:26:21 0 dr-h----- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Recent
2008-05-27 20:26:21 0 d--h----- C:\Documents and Settings\Administrator.TRAVISLAPTOP\PrintHood
2008-05-27 20:26:21 1048576 --ah----- C:\Documents and Settings\Administrator.TRAVISLAPTOP\NTUSER.DAT
2008-05-27 20:26:21 0 d--h----- C:\Documents and Settings\Administrator.TRAVISLAPTOP\NetHood
2008-05-27 20:26:21 0 dr------- C:\Documents and Settings\Administrator.TRAVISLAPTOP\My Documents
2008-05-27 20:26:21 0 d--h----- C:\Documents and Settings\Administrator.TRAVISLAPTOP\Local Settings
2008-05-27 16:52:39 0 d-------- C:\Program Files\Trend Micro
2008-05-27 12:57:05 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-27 12:54:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-27 12:53:56 0 d-------- C:\Documents and Settings\Travis Evans\Application Data\SUPERAntiSpyware.com
2008-05-27 12:48:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 12:37:00 0 d-------- C:\Documents and Settings\Travis Evans\Application Data\TmpRecentIcons
2008-05-27 11:26:21 0 d-------- C:\Program Files\SpywareBlaster
2008-05-25 15:35:24 0 d-------- C:\Program Files\Skysoft Systems
2008-05-23 15:06:31 0 d-------- C:\Program Files\Plazmic CDK 4.2.2
2008-05-22 12:48:10 0 d-------- C:\Documents and Settings\Travis Evans\Application Data\Mobipocket
2008-05-22 11:57:31 0 d-------- C:\Program Files\Mobipocket.com
2008-05-17 18:19:49 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-16 11:07:17 0 d-------- C:\Documents and Settings\Travis Evans\PsiData
2008-05-12 16:49:58 0 d-------- C:\Documents and Settings\Travis Evans\Application Data\OfficeUpdate12
2008-05-12 14:08:34 0 d-------- C:\WINDOWS\Prefetch
2008-05-12 13:48:16 0 d-------- C:\WINDOWS\system32\scripting
2008-05-12 13:48:11 0 d-------- C:\WINDOWS\l2schemas
2008-05-12 13:48:09 0 d-------- C:\WINDOWS\system32\en
-- Find3M Report ---------------------------------------------------------------
2008-06-04 18:55:36 0 d-------- C:\Documents and Settings\Travis Evans\Application Data\DNA
2008-06-03 12:18:12 256 --a------ C:\WINDOWS\system32\pool.bin
2008-06-02 12:03:14 9781 --a----c- C:\WINDOWS\mozver.dat
2008-06-02 11:11:11 0 d-------- C:\Documents and Settings\Travis Evans\Application Data\BitTorrent
2008-05-28 21:53:22 0 d-------- C:\Documents and Settings\Travis Evans\Application Data\Mozilla
2008-05-28 16:25:35 0 d-------- C:\Program Files\DivX
2008-05-28 13:52:09 0 d-a------ C:\Program Files\Common Files
2008-05-27 11:32:08 0 d-------- C:\Program Files\Norton AntiVirus
2008-05-27 09:19:12 0 d-------- C:\Documents and Settings\Travis Evans\Application Data\AdobeUM
2008-05-23 15:00:14 0 d-------- C:\Program Files\Research In Motion
2008-05-22 13:23:21 0 d-------- C:\Documents and Settings\Travis Evans\Application Data\com.zipeg
2008-05-18 17:32:36 0 d-------- C:\Program Files\Zune
2008-05-16 11:18:50 0 d-------- C:\Program Files\Google
2008-05-12 14:47:44 0 d-------- C:\Program Files\Rove
2008-05-12 14:07:39 0 d-------- C:\Program Files\Messenger
2008-05-12 13:48:07 0 d-------- C:\Program Files\Movie Maker
2008-05-12 13:40:07 0 d-------- C:\Program Files\Windows NT
2008-05-07 14:08:00 0 d-------- C:\Program Files\Avvenu
2008-04-27 18:13:46 0 d-------- C:\Program Files\BEIKS
2008-04-27 18:12:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-27 18:11:16 0 d-------- C:\Program Files\Vizzion
2008-04-21 10:17:15 0 d-------- C:\Program Files\FLAC
2008-04-18 11:47:46 0 d-------- C:\Program Files\BitTorrent
2008-04-18 11:47:34 0 d-------- C:\Program Files\DNA
2008-04-16 19:56:46 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>
2008-04-16 11:22:42 0 d-------- C:\Program Files\Microsoft Works
2008-04-16 10:35:56 0 d-------- C:\Program Files\Microsoft Small Business
2008-04-16 10:23:28 0 d-------- C:\Program Files\Microsoft SQL Server
2008-04-15 19:49:56 0 d-------- C:\Program Files\EasyZip
2008-04-15 09:06:40 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-04-14 20:46:29 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-14 20:42:52 0 d-------- C:\Program Files\Java
2008-04-14 09:02:07 0 d-------- C:\Documents and Settings\Travis Evans\Application Data\MP3Rocket
2008-04-12 16:40:24 0 d-------- C:\Program Files\Safari
2008-04-12 16:37:51 0 d-------- C:\Program Files\iTunes
2008-04-12 16:37:18 0 d-------- C:\Program Files\iPod
2008-04-12 16:33:20 0 d-------- C:\Program Files\QuickTime
2008-04-11 10:46:51 0 d-------- C:\Program Files\Zipeg
2008-04-08 00:02:09 0 d-------- C:\Documents and Settings\Travis Evans\Application Data\Composer
2008-04-07 22:29:37 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-04-07 18:49:02 38476 --a------ C:\Documents and Settings\Travis Evans\Application Data\Tab Separated Values (Windows).ADR
2008-04-07 18:44:42 38467 --a------ C:\Documents and Settings\Travis Evans\Application Data\Microsoft Access.ADR
2008-03-28 11:50:17 2052 --a------ C:\Documents and Settings\Travis Evans\Application Data\HPCOM_48BitScanUpdate.log
2008-03-28 11:45:22 29468 --a------ C:\WINDOWS\hpoins03.dat
2008-03-23 13:13:31 34 --a------ C:\WINDOWS\system32\BD2170W.DAT
2008-03-20 16:02:14 38488 --a------ C:\Documents and Settings\Travis Evans\Application Data\Comma Separated Values (Windows).ADR
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [05/21/2003 03:35 PM C:\WINDOWS\system32\carpserv.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [02/26/2003 08:25 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [01/24/2003 01:00 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/14/2003 08:56 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/14/2003 08:56 AM]
"HPAIO_PrintFolderMgr"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe" [05/15/2001 08:23 PM]
"SetupType"="Portable" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [12/09/2005 03:32 PM]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [12/07/2005 10:26 AM]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [12/07/2005 10:33 AM]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [11/01/2004 05:22 PM]
"BrStsWnd"="C:\Program Files\Brownie\BrstsWnd.exe" [07/31/2007 08:37 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Avvenu Update"="C:\Program Files\Avvenu\Avvenu_updater.exe" [01/21/2008 06:53 PM]
"Avvenu Access n Share Update"="C:\Program Files\Avvenu\Avvenu_updater.exe" [01/21/2008 06:53 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 05:22 PM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [04/29/2008 07:56 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [11/13/2007 11:22 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 05:40 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/08/2008 10:41 AM]
"MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe" [04/13/2008 08:12 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/13/2008 12:43 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [09/23/2005 11:05:26 PM]
Avvenu Connector.lnk - C:\Program Files\Avvenu\Avvenu_agent.exe [04/27/2008 06:12:55 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [11/13/2007 11:22:15 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\wd_windows_tools\WDEULA.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- Z:\.\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc380720-ba56-11dc-a1e4-00904b41a330}]
AutoRun\command- E:\wd_windows_tools\WDEULA.exe
-- End of Deckard's System Scanner: finished at 2008-06-04 19:05:10 ------------