Deckard's System Scanner v20071014.68
Run by lostonearth on 2008-02-26 00:19:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as lostonearth.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:16 AM, on 26/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Users\lostonearth\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\LOSTON~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*http://ca.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7240 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PSDFilter - c:\windows\system32\drivers\psdfilter.sys
R0 PSDNServ (PSDNSERVER) - c:\windows\system32\drivers\psdnserv.sys
R0 psdvdisk - c:\windows\system32\drivers\psdvdisk.sys
R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys
R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AcerMemUsageCheckService (ePerformance Service) - c:\acer\empowering technology\eperformance\memcheck.exe
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe"

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Process Modules -------------------------------------------------------------

C:\Windows\explorer.exe (pid 1904)
2006-11-16 13:19:10 37376 --a------ C:\Windows\System32\MSNChatHook.dll
2006-11-16 19:10:14 286720 --a------ C:\Windows\System32\sysenv.dll
2006-11-16 13:18:50 63488 --a------ C:\Windows\System32\ShowErrMsg.dll

-- Scheduled Tasks -------------------------------------------------------------

2008-02-24 02:35:54 500 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - lostonearth.job

-- Files created between 2008-01-26 and 2008-02-26 -----------------------------

2008-02-25 11:52:56 0 d-------- C:\Users\All Users\Malwarebytes
2008-02-25 11:52:56 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-25 01:13:16 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-02-25 01:12:05 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-02-25 01:11:59 0 d-------- C:\Program Files\DivX
2008-02-25 00:31:54 0 d-------- C:\Program Files\World of Warcraft
2008-02-25 00:31:54 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-02-24 19:36:18 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-02-24 19:07:55 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-24 19:07:49 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-24 19:07:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-23 19:00:45 0 --a------ C:\Windows\ativpsrm.bin
2008-02-23 18:36:49 0 d-------- C:\Program Files\MSXML 4.0
2008-02-23 18:10:23 0 d-------- C:\Program Files\Trend Micro
2008-02-23 17:59:28 0 d-------- C:\Windows\system32\Macromed
2008-02-23 17:59:27 0 d-------- C:\Users\All Users\InstallShield
2008-02-23 17:59:21 0 d-------- C:\Windows\Acer_Wide
2008-02-23 17:59:21 187392 --a------ C:\Windows\Acer(Wide).scr
2008-02-23 17:59:21 187392 --a------ C:\Windows\Acer(Normal).scr
2008-02-23 17:59:21 0 d-------- C:\Program Files\Acer Inc
2008-02-23 17:59:18 0 d-------- C:\Windows\Acer_Normal
2008-02-23 17:58:07 327680 --a------ C:\Windows\system32\Remove_eRecovery.exe
2008-02-23 17:58:07 16384 --a------ C:\Windows\system32\LauncheRyAgentUser.exe
2008-02-23 17:58:07 1402880 --a------ C:\Windows\system32\ERUpdateHidden.EXE
2008-02-23 17:58:07 16384 --a------ C:\Windows\system32\ClearEvent.exe
2008-02-23 17:58:07 360448 --a------ C:\Windows\system32\CheckD2DSystem.exe
2008-02-23 17:57:03 0 d-------- C:\Windows\system32\i386
2008-02-23 17:56:40 0 d-------- C:\Program Files\Acer Assist
2008-02-23 17:56:39 0 d-------- C:\Program Files\Acer Registration
2008-02-23 17:55:33 0 d--hs---- C:\$RECYCLE.BIN
2008-02-23 17:55:27 0 dr------- C:\Users\lostonearth\Searches
2008-02-23 17:55:11 0 dr------- C:\Users\lostonearth\Contacts
2008-02-23 17:55:03 0 d-------- C:\Program Files\Yahoo!
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\Templates
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\Start Menu
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\SendTo
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\Recent
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\PrintHood
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\NetHood
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\My Documents
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\Local Settings
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\Cookies
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\Application Data
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Videos
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Saved Games
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Pictures
2008-02-23 17:53:03 1048576 --ahs---- C:\Users\lostonearth\NTUSER.DAT
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Music
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Links
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Favorites
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Downloads
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Documents
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Desktop
2008-02-23 17:53:03 0 d--h----- C:\Users\lostonearth\AppData
2008-02-23 17:32:45 0 d-------- C:\Windows\SoftwareDistribution
2008-02-20 18:05:44 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-02-20 18:04:16 196608 --a------ C:\Windows\system32\dtu100.dll
2008-02-20 18:04:16 81920 --a------ C:\Windows\system32\dpl100.dll
2008-02-20 18:04:04 802816 --a------ C:\Windows\system32\divx_xx11.dll
2008-02-20 18:04:04 823296 --a------ C:\Windows\system32\divx_xx0c.dll
2008-02-20 18:04:04 823296 --a------ C:\Windows\system32\divx_xx07.dll
2008-02-20 18:04:04 682496 --a------ C:\Windows\system32\DivX.dll
2008-02-20 18:03:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll

-- Find3M Report ---------------------------------------------------------------

2008-02-25 11:55:25 0 d-------- C:\Program Files\Common Files
2008-02-25 11:52:59 0 d-------- C:\Users\lostonearth\AppData\Roaming\Malwarebytes
2008-02-25 01:12:21 0 d-------- C:\Users\lostonearth\AppData\Roaming\DivX
2008-02-25 00:26:43 0 d-------- C:\Program Files\Microsoft Games
2008-02-24 19:07:49 0 d-------- C:\Users\lostonearth\AppData\Roaming\SUPERAntiSpyware.com
2008-02-24 11:29:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-24 11:23:30 0 d-------- C:\Program Files\Norton Internet Security
2008-02-24 03:24:54 0 d-------- C:\Program Files\Symantec
2008-02-24 02:38:45 174 --ahs---- C:\Program Files\desktop.ini
2008-02-24 02:35:05 0 d-------- C:\Program Files\Windows Calendar
2008-02-24 02:35:03 0 d-------- C:\Program Files\Windows Mail
2008-02-24 02:34:58 0 d-------- C:\Program Files\Windows Defender
2008-02-24 02:34:51 0 d-------- C:\Program Files\Windows Sidebar
2008-02-23 18:45:28 0 d-------- C:\Users\lostonearth\AppData\Roaming\Adobe
2008-02-23 18:04:58 0 d-------- C:\Users\lostonearth\AppData\Roaming\Acer
2008-02-23 18:04:52 0 d-------- C:\Users\lostonearth\AppData\Roaming\Leadertech
2008-02-23 18:04:41 0 d-------- C:\Users\lostonearth\AppData\Roaming\Macromedia
2008-02-23 17:59:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-23 17:59:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-23 17:55:17 0 d-------- C:\Users\lostonearth\AppData\Roaming\Identities
2008-02-23 17:53:34 0 d-------- C:\Program Files\Realtek
2008-02-23 16:26:49 1306 --a------ C:\Windows\CLEANUP.CMD

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [23/02/2008 06:53 PM]
"RtHDVCpl"="RtHDVCpl.exe" [01/12/2006 05:37 AM C:\Windows\RtHDVCpl.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [20/11/2006 08:44 PM]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [20/11/2006 08:42 PM]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [23/11/2006 03:24 PM]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [13/12/2006 10:55 AM]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [04/12/2006 01:05 PM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [17/11/2006 08:26 AM]
"eRecoveryService"="" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 05:38 PM]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [21/02/2008 07:50 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [23/02/2008 06:39 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 02:06 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4:44:06 AM]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [06/01/2006 8:51:42 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b213fc70-e277-11dc-b8cb-806e6f6e6963}]
AutoRun\command- E:\Installer.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-02-26 00:21:13 ------------