Log Check
I scanned and am posting a log file.I wanna know if anything is wrong
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:57 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 108G DWA-520] C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [RemoteControl8] "F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\JSWUtil\jswpsapi.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9348 bytes
DDS result
Deckard's System Scanner v20071014.68
Run by user on 2008-05-26 15:35:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
153: 2008-05-26 11:35:19 UTC - RP153 - Deckard's System Scanner Restore Point
152: 2008-05-25 15:24:56 UTC - RP152 - Installed Guitar Hero Explorer
151: 2008-05-25 05:30:43 UTC - RP151 - System Checkpoint
150: 2008-05-23 14:02:23 UTC - RP150 - Installed AuditionSEA
149: 2008-05-23 12:40:22 UTC - RP149 - Restore Operation
-- First Restore Point --
1: 2008-03-23 02:41:32 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:48 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\user\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 108G DWA-520] C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [RemoteControl8] "F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\JSWUtil\jswpsapi.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9598 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 vcdrom (Virtual CD-ROM Device Driver) - f:\downloads\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 npkcusb - c:\nexon\maplestory\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S0 sptd - c:\windows\system32\drivers\sptd.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 PciCon - d:\pcicon.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Wireless Service; ANIWZCS2 Service Launcher (NT)>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 jswpsapi (Jumpstart Wifi Protected Setup) - c:\program files\d-link\d-link wireless 108g dwa-520\jswutil\jswpsapi.exe <Not Verified; Atheros Communications, Inc.; JumpStart>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1D7DE1284
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1D7DE1284
Service: NIC1394
-- Files created between 2008-04-26 and 2008-05-26 -----------------------------
2008-05-26 15:25:55 0 d-------- C:\WINDOWS\LastGood
2008-05-26 15:25:28 0 d-------- C:\Program Files\Panda Security
2008-05-26 15:03:30 0 d-------- C:\Program Files\Trend Micro
2008-05-26 14:33:39 20480 --a------ C:\WINDOWS\system32\33a527d.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-26 14:33:39 20480 --a------ C:\WINDOWS\system32\207e0e2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-26 13:49:42 0 d--h----- C:\Documents and Settings\Emergency\Templates
2008-05-26 13:49:42 0 dr------- C:\Documents and Settings\Emergency\Start Menu
2008-05-26 13:49:42 0 dr-h----- C:\Documents and Settings\Emergency\SendTo
2008-05-26 13:49:42 0 d--h----- C:\Documents and Settings\Emergency\Recent
2008-05-26 13:49:42 0 d--h----- C:\Documents and Settings\Emergency\PrintHood
2008-05-26 13:49:42 262144 --ah----- C:\Documents and Settings\Emergency\NTUSER.DAT
2008-05-26 13:49:42 0 d--h----- C:\Documents and Settings\Emergency\NetHood
2008-05-26 13:49:42 0 d-------- C:\Documents and Settings\Emergency\My Documents
2008-05-26 13:49:42 0 d--h----- C:\Documents and Settings\Emergency\Local Settings
2008-05-26 13:49:42 0 d-------- C:\Documents and Settings\Emergency\Favorites
2008-05-26 13:49:42 0 d-------- C:\Documents and Settings\Emergency\Desktop
2008-05-26 13:49:42 0 d---s---- C:\Documents and Settings\Emergency\Cookies
2008-05-26 13:49:42 0 dr-h----- C:\Documents and Settings\Emergency\Application Data
2008-05-26 13:49:42 0 d---s---- C:\Documents and Settings\Emergency\Application Data\Microsoft
2008-05-26 13:49:28 20480 --a------ C:\WINDOWS\system32\923e22.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-26 13:49:27 20480 --a------ C:\WINDOWS\system32\11c61dbf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-25 19:25:06 0 d-------- C:\Documents and Settings\user\Application Data\OnReally
2008-05-25 19:17:28 0 d-------- C:\Documents and Settings\user\Application Data\fretsonfire
2008-05-25 13:02:06 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-25 13:01:53 0 d-------- C:\Program Files\Real
2008-05-25 13:01:50 0 d-------- C:\Program Files\Common Files\Real
2008-05-25 13:01:49 0 d-------- C:\Documents and Settings\user\Application Data\Real
2008-05-25 12:15:15 20480 --a------ C:\WINDOWS\system32\ed5e268.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-25 12:15:15 20480 --a------ C:\WINDOWS\system32\16333bfc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-25 06:17:25 0 d-------- C:\OutputFolder
2008-05-25 06:16:45 129024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-05-25 06:16:45 28672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-05-24 20:33:55 20480 --a------ C:\WINDOWS\system32\832e198.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-24 20:33:55 20480 --a------ C:\WINDOWS\system32\5a91b4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-23 18:39:01 20480 --a------ C:\WINDOWS\system32\68efec0.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-23 18:39:01 20480 --a------ C:\WINDOWS\system32\26dcace.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-23 18:02:24 0 d-------- C:\Program Files\AuditionSEA
2008-05-23 13:19:32 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-05-23 13:19:32 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-05-18 20:57:28 0 d-------- C:\Program Files\HGI
2008-05-18 20:30:28 0 d-------- C:\Program Files\PDM
2008-05-16 18:12:59 0 d-------- C:\Documents and Settings\user\Application Data\iWin
2008-05-15 16:25:29 0 d-------- C:\Program Files\DivX
2008-05-13 00:11:17 0 d-------- C:\Documents and Settings\user\dwhelper
2008-05-07 22:08:57 0 d-------- C:\Perl
2008-05-04 06:12:10 0 d-------- C:\Program Files\QuickTime
2008-05-03 12:10:29 0 d-------- C:\Documents and Settings\user\Application Data\PlayFirst
2008-05-03 12:10:29 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-03 12:01:47 0 d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-05-03 11:11:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-05-03 11:10:46 0 d-------- C:\Documents and Settings\user\Application Data\Sony
2008-05-03 11:09:31 0 d-------- C:\Documents and Settings\user\Application Data\Publish Providers
2008-05-03 11:09:31 0 d-------- C:\Documents and Settings\user\Application Data\NetMedia Providers
2008-05-03 11:07:18 0 d-------- C:\Program Files\Vstplugins
2008-05-03 10:50:52 0 d-------- C:\Documents and Settings\user\Application Data\Ludia
2008-05-03 10:50:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-05-03 10:39:43 0 d-------- C:\Program Files\ReflexiveArcade
2008-05-02 21:06:21 0 d-------- C:\Program Files\BannedStory
2008-05-02 20:57:23 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-05-02 20:29:58 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-02 20:26:33 0 d-------- C:\Program Files\Bonjour
2008-05-02 20:19:27 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-02 19:34:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-02 19:34:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-02 02:36:48 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2008-05-01 14:42:02 3284 --a------ C:\WINDOWS\system32\ANIWZCS{A86F4CB7-03CA-4D51-A949-5EC22D238565}
2008-04-30 21:44:44 0 d-------- C:\Documents and Settings\user\Application Data\Download Manager
-- Find3M Report ---------------------------------------------------------------
2008-05-26 15:25:29 2656 --a------ C:\WINDOWS\mozver.dat
2008-05-26 15:02:14 0 d-------- C:\Documents and Settings\user\Application Data\DMCache
2008-05-26 15:00:14 5 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{A86F4CB7-03CA-4D51-A949-5EC22D238565}
2008-05-26 14:59:48 0 d-------- C:\Program Files\Steam
2008-05-25 13:02:06 0 d-------- C:\Program Files\Common Files
2008-05-23 21:16:11 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-05-23 18:02:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-23 13:35:53 0 d-------- C:\Documents and Settings\user\Application Data\IDM
2008-05-22 19:34:37 0 d-------- C:\Documents and Settings\user\Application Data\MegauploadToolbar
2008-05-21 03:01:00 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-19 23:51:32 0 d-------- C:\Program Files\Etisalat USB
2008-05-17 17:39:31 0 d-------- C:\Program Files\Internet Download Manager
2008-05-16 12:03:05 0 d-------- C:\Documents and Settings\user\Application Data\Adobe
2008-04-21 15:28:35 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-15 18:42:16 0 d-------- C:\Documents and Settings\user\Application Data\TVU Networks
2008-04-15 17:23:37 0 d-------- C:\Documents and Settings\user\Application Data\TypingMaster7
2008-04-14 18:10:34 0 d-------- C:\Documents and Settings\user\Application Data\DAEMON Tools
2008-04-14 17:19:01 0 d-------- C:\Program Files\MegauploadToolbar
2008-04-14 16:04:04 0 d-------- C:\Documents and Settings\user\Application Data\Aston
2008-04-14 16:04:03 0 --a------ C:\Program Files\AstonWriteTest.txt
2008-04-14 00:29:46 0 d-------- C:\Program Files\Cucusoft
2008-04-13 18:33:56 0 d-------- C:\Documents and Settings\user\Application Data\Uniblue
2008-04-13 18:33:50 0 d-------- C:\Program Files\Uniblue
2008-04-13 18:24:53 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-13 00:44:06 0 d-------- C:\Program Files\AVG
2008-04-12 15:26:09 0 d-------- C:\Program Files\NeroInstall.bak
2008-04-12 15:25:40 0 d-------- C:\Documents and Settings\user\Application Data\Nero
2008-04-12 15:24:45 0 d-------- C:\Program Files\Common Files\Nero
2008-04-12 15:24:02 0 d-------- C:\Program Files\Nero
2008-04-11 17:52:15 0 d-------- C:\Documents and Settings\user\Application Data\Nexon
2008-04-11 17:51:26 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-06 22:34:45 0 d-------- C:\Documents and Settings\user\Application Data\CyberLink
2008-04-06 18:53:37 0 d-------- C:\Program Files\Stardock
2008-04-06 16:40:31 0 d-------- C:\Program Files\Enterbrain
2008-04-06 16:40:19 0 d-------- C:\Program Files\Common Files\Enterbrain
2008-04-06 15:39:25 0 d-------- C:\Program Files\MSXML 4.0
2008-04-06 15:33:59 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-04 23:56:25 0 d-------- C:\Documents and Settings\user\Application Data\Ahead
2008-04-04 23:48:20 0 d-------- C:\Program Files\CyberLink
2008-04-04 21:35:58 3247781 --a------ C:\WINDOWS\system32\Naruto 2.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2008-04-04 21:34:00 3320224 --a------ C:\WINDOWS\system32\Naruto 1.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2008-04-04 21:15:32 4096 --a------ C:\WINDOWS\d3dx.dat
2008-04-04 17:06:05 0 d-------- C:\Program Files\Windows Live
2008-04-04 17:04:52 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-03 21:42:02 0 d-------- C:\Program Files\New Folder
2008-03-24 06:44:48 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-23 06:46:25 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-23 06:33:48 0 -rahs---- C:\MSDOS.SYS
2008-03-23 06:33:48 0 -rahs---- C:\IO.SYS
2008-03-23 06:33:48 0 --a------ C:\CONFIG.SYS
2008-03-23 06:33:48 0 --a------ C:\AUTOEXEC.BAT
2008-03-23 06:31:13 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-22 22:24:50 62 --ahs---- C:\Documents and Settings\user\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="C:\Program Files\GIGABYTE\GEST\RUN.exe" [12/14/2007 11:46 PM]
"RTHDCPL"="RTHDCPL.EXE" [09/19/2007 02:14 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 02:43 PM C:\WINDOWS\Alcmtr.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [03/20/2007 10:36 AM]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [08/29/2007 12:55 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [01/19/2007 11:49 PM]
"D-Link D-Link Wireless 108G DWA-520"="C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe" [08/30/2007 02:15 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM]
"RemoteControl8"="F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe" [02/18/2008 06:33 PM]
"PDVD8LanguageShortcut"="F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe" [12/14/2007 11:36 AM]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [11/14/2007 11:10 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/25/2008 01:01 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/04/2008 09:46 PM]
"Steam"="C:\Program Files\Steam\Steam.exe" [04/06/2008 03:58 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/27/2007 04:00 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [05/16/2008 08:45 PM]
C:\Documents and Settings\user\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b9a5ed-2269-11dd-9ddd-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b9b28c-2269-11dd-9ddd-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b9b497-2269-11dd-9ddd-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b9b5ae-2269-11dd-9ddd-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cadcae7-1443-11dd-a7f6-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cadcbdf-1443-11dd-a7f6-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cadcdbd-1443-11dd-a7f6-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{131195ca-24ee-11dd-9ddf-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13119fd0-24ee-11dd-9ddf-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ba5acd7-267b-11dd-b653-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{353d3976-1da2-11dd-9ddb-001cf0d203d8}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{353d4edb-1da2-11dd-9ddb-001cf0d203d8}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{353d50ee-1da2-11dd-9ddb-001cf0d203d8}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3544b959-13b5-11dd-a7f5-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3544b964-13b5-11dd-a7f5-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aa07e5a-19d1-11dd-9dd3-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ae0784a-0f96-11dd-a7f1-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ae07969-0f96-11dd-a7f1-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bcd39ac-0fcc-11dd-a7f4-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bcd39dc-0fcc-11dd-a7f4-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d94ebc8-07cb-11dd-a7d4-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d94ebc9-07cb-11dd-a7d4-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54fa3086-0a17-11dd-a7e6-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54fa32c5-0a17-11dd-a7e6-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69706efc-f86b-11dc-a7b3-001d7d04d8e5}]
AutoRun\command- I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fb5826d-1940-11dd-9dd1-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c66b0a4-0ae5-11dd-a7e8-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8294e17a-1c1d-11dd-9dd7-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8294ed1f-1c1d-11dd-9dd7-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bd110ac-0edb-11dd-a7ed-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e855d38-0ed8-11dd-a7ec-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e855d3d-0ed8-11dd-a7ec-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e855f4d-0ed8-11dd-a7ec-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e856053-0ed8-11dd-a7ec-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99366c6c-15e6-11dd-a7fb-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99366c72-15e6-11dd-a7fb-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e368266-15dc-11dd-a7fa-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e368271-15dc-11dd-a7fa-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a307dab5-15e7-11dd-a7fc-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3211ffd-0f9b-11dd-a7f3-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b03a3a12-2416-11dd-9dde-001cf0d203d8}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b03a3dae-2416-11dd-9dde-001cf0d203d8}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbf8edf3-1ce7-11dd-9dd9-001cf0d203d8}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d37a6649-176a-11dd-a800-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d37a6723-176a-11dd-a800-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d37a7279-176a-11dd-a800-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d83c6984-0a2e-11dd-a7e7-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1817829-f947-11dc-a7ae-001d7d04d8e5}]
AutoRun\command- I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e181782b-f947-11dc-a7ae-001d7d04d8e5}]
AutoRun\command- I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0af9e70-0a0e-11dd-a7e4-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f66bf963-1aa0-11dd-9dd5-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
*Newly Created Service* - RKPAVPROC
-- End of Deckard's System Scanner: finished at 2008-05-26 15:37:22 ------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:57 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 108G DWA-520] C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [RemoteControl8] "F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\JSWUtil\jswpsapi.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9348 bytes
DDS result
Deckard's System Scanner v20071014.68
Run by user on 2008-05-26 15:35:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
153: 2008-05-26 11:35:19 UTC - RP153 - Deckard's System Scanner Restore Point
152: 2008-05-25 15:24:56 UTC - RP152 - Installed Guitar Hero Explorer
151: 2008-05-25 05:30:43 UTC - RP151 - System Checkpoint
150: 2008-05-23 14:02:23 UTC - RP150 - Installed AuditionSEA
149: 2008-05-23 12:40:22 UTC - RP149 - Restore Operation
-- First Restore Point --
1: 2008-03-23 02:41:32 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:48 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\user\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 108G DWA-520] C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [RemoteControl8] "F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\JSWUtil\jswpsapi.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9598 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 vcdrom (Virtual CD-ROM Device Driver) - f:\downloads\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 npkcusb - c:\nexon\maplestory\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S0 sptd - c:\windows\system32\drivers\sptd.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 PciCon - d:\pcicon.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Wireless Service; ANIWZCS2 Service Launcher (NT)>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 jswpsapi (Jumpstart Wifi Protected Setup) - c:\program files\d-link\d-link wireless 108g dwa-520\jswutil\jswpsapi.exe <Not Verified; Atheros Communications, Inc.; JumpStart>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1D7DE1284
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1D7DE1284
Service: NIC1394
-- Files created between 2008-04-26 and 2008-05-26 -----------------------------
2008-05-26 15:25:55 0 d-------- C:\WINDOWS\LastGood
2008-05-26 15:25:28 0 d-------- C:\Program Files\Panda Security
2008-05-26 15:03:30 0 d-------- C:\Program Files\Trend Micro
2008-05-26 14:33:39 20480 --a------ C:\WINDOWS\system32\33a527d.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-26 14:33:39 20480 --a------ C:\WINDOWS\system32\207e0e2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-26 13:49:42 0 d--h----- C:\Documents and Settings\Emergency\Templates
2008-05-26 13:49:42 0 dr------- C:\Documents and Settings\Emergency\Start Menu
2008-05-26 13:49:42 0 dr-h----- C:\Documents and Settings\Emergency\SendTo
2008-05-26 13:49:42 0 d--h----- C:\Documents and Settings\Emergency\Recent
2008-05-26 13:49:42 0 d--h----- C:\Documents and Settings\Emergency\PrintHood
2008-05-26 13:49:42 262144 --ah----- C:\Documents and Settings\Emergency\NTUSER.DAT
2008-05-26 13:49:42 0 d--h----- C:\Documents and Settings\Emergency\NetHood
2008-05-26 13:49:42 0 d-------- C:\Documents and Settings\Emergency\My Documents
2008-05-26 13:49:42 0 d--h----- C:\Documents and Settings\Emergency\Local Settings
2008-05-26 13:49:42 0 d-------- C:\Documents and Settings\Emergency\Favorites
2008-05-26 13:49:42 0 d-------- C:\Documents and Settings\Emergency\Desktop
2008-05-26 13:49:42 0 d---s---- C:\Documents and Settings\Emergency\Cookies
2008-05-26 13:49:42 0 dr-h----- C:\Documents and Settings\Emergency\Application Data
2008-05-26 13:49:42 0 d---s---- C:\Documents and Settings\Emergency\Application Data\Microsoft
2008-05-26 13:49:28 20480 --a------ C:\WINDOWS\system32\923e22.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-26 13:49:27 20480 --a------ C:\WINDOWS\system32\11c61dbf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-25 19:25:06 0 d-------- C:\Documents and Settings\user\Application Data\OnReally
2008-05-25 19:17:28 0 d-------- C:\Documents and Settings\user\Application Data\fretsonfire
2008-05-25 13:02:06 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-25 13:01:53 0 d-------- C:\Program Files\Real
2008-05-25 13:01:50 0 d-------- C:\Program Files\Common Files\Real
2008-05-25 13:01:49 0 d-------- C:\Documents and Settings\user\Application Data\Real
2008-05-25 12:15:15 20480 --a------ C:\WINDOWS\system32\ed5e268.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-25 12:15:15 20480 --a------ C:\WINDOWS\system32\16333bfc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-25 06:17:25 0 d-------- C:\OutputFolder
2008-05-25 06:16:45 129024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-05-25 06:16:45 28672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-05-24 20:33:55 20480 --a------ C:\WINDOWS\system32\832e198.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-24 20:33:55 20480 --a------ C:\WINDOWS\system32\5a91b4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-23 18:39:01 20480 --a------ C:\WINDOWS\system32\68efec0.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-23 18:39:01 20480 --a------ C:\WINDOWS\system32\26dcace.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-23 18:02:24 0 d-------- C:\Program Files\AuditionSEA
2008-05-23 13:19:32 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-05-23 13:19:32 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-05-18 20:57:28 0 d-------- C:\Program Files\HGI
2008-05-18 20:30:28 0 d-------- C:\Program Files\PDM
2008-05-16 18:12:59 0 d-------- C:\Documents and Settings\user\Application Data\iWin
2008-05-15 16:25:29 0 d-------- C:\Program Files\DivX
2008-05-13 00:11:17 0 d-------- C:\Documents and Settings\user\dwhelper
2008-05-07 22:08:57 0 d-------- C:\Perl
2008-05-04 06:12:10 0 d-------- C:\Program Files\QuickTime
2008-05-03 12:10:29 0 d-------- C:\Documents and Settings\user\Application Data\PlayFirst
2008-05-03 12:10:29 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-03 12:01:47 0 d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-05-03 11:11:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-05-03 11:10:46 0 d-------- C:\Documents and Settings\user\Application Data\Sony
2008-05-03 11:09:31 0 d-------- C:\Documents and Settings\user\Application Data\Publish Providers
2008-05-03 11:09:31 0 d-------- C:\Documents and Settings\user\Application Data\NetMedia Providers
2008-05-03 11:07:18 0 d-------- C:\Program Files\Vstplugins
2008-05-03 10:50:52 0 d-------- C:\Documents and Settings\user\Application Data\Ludia
2008-05-03 10:50:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-05-03 10:39:43 0 d-------- C:\Program Files\ReflexiveArcade
2008-05-02 21:06:21 0 d-------- C:\Program Files\BannedStory
2008-05-02 20:57:23 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-05-02 20:29:58 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-02 20:26:33 0 d-------- C:\Program Files\Bonjour
2008-05-02 20:19:27 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-02 19:34:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-02 19:34:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-02 02:36:48 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2008-05-01 14:42:02 3284 --a------ C:\WINDOWS\system32\ANIWZCS{A86F4CB7-03CA-4D51-A949-5EC22D238565}
2008-04-30 21:44:44 0 d-------- C:\Documents and Settings\user\Application Data\Download Manager
-- Find3M Report ---------------------------------------------------------------
2008-05-26 15:25:29 2656 --a------ C:\WINDOWS\mozver.dat
2008-05-26 15:02:14 0 d-------- C:\Documents and Settings\user\Application Data\DMCache
2008-05-26 15:00:14 5 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{A86F4CB7-03CA-4D51-A949-5EC22D238565}
2008-05-26 14:59:48 0 d-------- C:\Program Files\Steam
2008-05-25 13:02:06 0 d-------- C:\Program Files\Common Files
2008-05-23 21:16:11 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-05-23 18:02:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-23 13:35:53 0 d-------- C:\Documents and Settings\user\Application Data\IDM
2008-05-22 19:34:37 0 d-------- C:\Documents and Settings\user\Application Data\MegauploadToolbar
2008-05-21 03:01:00 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-19 23:51:32 0 d-------- C:\Program Files\Etisalat USB
2008-05-17 17:39:31 0 d-------- C:\Program Files\Internet Download Manager
2008-05-16 12:03:05 0 d-------- C:\Documents and Settings\user\Application Data\Adobe
2008-04-21 15:28:35 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-15 18:42:16 0 d-------- C:\Documents and Settings\user\Application Data\TVU Networks
2008-04-15 17:23:37 0 d-------- C:\Documents and Settings\user\Application Data\TypingMaster7
2008-04-14 18:10:34 0 d-------- C:\Documents and Settings\user\Application Data\DAEMON Tools
2008-04-14 17:19:01 0 d-------- C:\Program Files\MegauploadToolbar
2008-04-14 16:04:04 0 d-------- C:\Documents and Settings\user\Application Data\Aston
2008-04-14 16:04:03 0 --a------ C:\Program Files\AstonWriteTest.txt
2008-04-14 00:29:46 0 d-------- C:\Program Files\Cucusoft
2008-04-13 18:33:56 0 d-------- C:\Documents and Settings\user\Application Data\Uniblue
2008-04-13 18:33:50 0 d-------- C:\Program Files\Uniblue
2008-04-13 18:24:53 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-13 00:44:06 0 d-------- C:\Program Files\AVG
2008-04-12 15:26:09 0 d-------- C:\Program Files\NeroInstall.bak
2008-04-12 15:25:40 0 d-------- C:\Documents and Settings\user\Application Data\Nero
2008-04-12 15:24:45 0 d-------- C:\Program Files\Common Files\Nero
2008-04-12 15:24:02 0 d-------- C:\Program Files\Nero
2008-04-11 17:52:15 0 d-------- C:\Documents and Settings\user\Application Data\Nexon
2008-04-11 17:51:26 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-06 22:34:45 0 d-------- C:\Documents and Settings\user\Application Data\CyberLink
2008-04-06 18:53:37 0 d-------- C:\Program Files\Stardock
2008-04-06 16:40:31 0 d-------- C:\Program Files\Enterbrain
2008-04-06 16:40:19 0 d-------- C:\Program Files\Common Files\Enterbrain
2008-04-06 15:39:25 0 d-------- C:\Program Files\MSXML 4.0
2008-04-06 15:33:59 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-04 23:56:25 0 d-------- C:\Documents and Settings\user\Application Data\Ahead
2008-04-04 23:48:20 0 d-------- C:\Program Files\CyberLink
2008-04-04 21:35:58 3247781 --a------ C:\WINDOWS\system32\Naruto 2.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2008-04-04 21:34:00 3320224 --a------ C:\WINDOWS\system32\Naruto 1.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2008-04-04 21:15:32 4096 --a------ C:\WINDOWS\d3dx.dat
2008-04-04 17:06:05 0 d-------- C:\Program Files\Windows Live
2008-04-04 17:04:52 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-03 21:42:02 0 d-------- C:\Program Files\New Folder
2008-03-24 06:44:48 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-23 06:46:25 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-23 06:33:48 0 -rahs---- C:\MSDOS.SYS
2008-03-23 06:33:48 0 -rahs---- C:\IO.SYS
2008-03-23 06:33:48 0 --a------ C:\CONFIG.SYS
2008-03-23 06:33:48 0 --a------ C:\AUTOEXEC.BAT
2008-03-23 06:31:13 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-22 22:24:50 62 --ahs---- C:\Documents and Settings\user\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="C:\Program Files\GIGABYTE\GEST\RUN.exe" [12/14/2007 11:46 PM]
"RTHDCPL"="RTHDCPL.EXE" [09/19/2007 02:14 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 02:43 PM C:\WINDOWS\Alcmtr.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [03/20/2007 10:36 AM]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [08/29/2007 12:55 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [01/19/2007 11:49 PM]
"D-Link D-Link Wireless 108G DWA-520"="C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe" [08/30/2007 02:15 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM]
"RemoteControl8"="F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe" [02/18/2008 06:33 PM]
"PDVD8LanguageShortcut"="F:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe" [12/14/2007 11:36 AM]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [11/14/2007 11:10 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/25/2008 01:01 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/04/2008 09:46 PM]
"Steam"="C:\Program Files\Steam\Steam.exe" [04/06/2008 03:58 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/27/2007 04:00 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [05/16/2008 08:45 PM]
C:\Documents and Settings\user\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b9a5ed-2269-11dd-9ddd-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b9b28c-2269-11dd-9ddd-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b9b497-2269-11dd-9ddd-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b9b5ae-2269-11dd-9ddd-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cadcae7-1443-11dd-a7f6-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cadcbdf-1443-11dd-a7f6-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cadcdbd-1443-11dd-a7f6-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{131195ca-24ee-11dd-9ddf-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13119fd0-24ee-11dd-9ddf-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ba5acd7-267b-11dd-b653-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{353d3976-1da2-11dd-9ddb-001cf0d203d8}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{353d4edb-1da2-11dd-9ddb-001cf0d203d8}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{353d50ee-1da2-11dd-9ddb-001cf0d203d8}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3544b959-13b5-11dd-a7f5-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3544b964-13b5-11dd-a7f5-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aa07e5a-19d1-11dd-9dd3-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ae0784a-0f96-11dd-a7f1-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ae07969-0f96-11dd-a7f1-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bcd39ac-0fcc-11dd-a7f4-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bcd39dc-0fcc-11dd-a7f4-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d94ebc8-07cb-11dd-a7d4-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d94ebc9-07cb-11dd-a7d4-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54fa3086-0a17-11dd-a7e6-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54fa32c5-0a17-11dd-a7e6-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69706efc-f86b-11dc-a7b3-001d7d04d8e5}]
AutoRun\command- I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fb5826d-1940-11dd-9dd1-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c66b0a4-0ae5-11dd-a7e8-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8294e17a-1c1d-11dd-9dd7-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8294ed1f-1c1d-11dd-9dd7-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bd110ac-0edb-11dd-a7ed-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e855d38-0ed8-11dd-a7ec-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e855d3d-0ed8-11dd-a7ec-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e855f4d-0ed8-11dd-a7ec-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e856053-0ed8-11dd-a7ec-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99366c6c-15e6-11dd-a7fb-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99366c72-15e6-11dd-a7fb-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e368266-15dc-11dd-a7fa-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e368271-15dc-11dd-a7fa-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a307dab5-15e7-11dd-a7fc-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3211ffd-0f9b-11dd-a7f3-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b03a3a12-2416-11dd-9dde-001cf0d203d8}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b03a3dae-2416-11dd-9dde-001cf0d203d8}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbf8edf3-1ce7-11dd-9dd9-001cf0d203d8}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d37a6649-176a-11dd-a800-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d37a6723-176a-11dd-a800-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d37a7279-176a-11dd-a800-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d83c6984-0a2e-11dd-a7e7-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1817829-f947-11dc-a7ae-001d7d04d8e5}]
AutoRun\command- I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e181782b-f947-11dc-a7ae-001d7d04d8e5}]
AutoRun\command- I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0af9e70-0a0e-11dd-a7e4-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f66bf963-1aa0-11dd-9dd5-001d7d04d8e5}]
AutoRun\command- H:\AutoRun.exe
*Newly Created Service* - RKPAVPROC
-- End of Deckard's System Scanner: finished at 2008-05-26 15:37:22 ------------
Attachments
-
25.4 KB Views: 31
- Status
- Not open for further replies.
1 - 1 of 1 Posts
1 - 1 of 1 Posts
- Status
- Not open for further replies.
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Recommended Communities
