Deckard's System Scanner v20071014.68 Run by Matt Gabak on 2008-04-23 17:19:26 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 102: 2008-04-23 21:19:43 UTC - RP954 - Deckard's System Scanner Restore Point 101: 2008-04-23 04:24:48 UTC - RP953 - Software Distribution Service 3.0 100: 2008-04-22 22:06:39 UTC - RP952 - ComboFix created restore point 99: 2008-04-22 04:08:52 UTC - RP951 - Software Distribution Service 3.0 98: 2008-04-21 04:02:38 UTC - RP950 - Software Distribution Service 3.0 -- First Restore Point -- 1: 2008-04-20 05:18:15 UTC - RP853 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Matt Gabak.exe) ------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:20, on 2008-04-23 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Matt Gabak\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Matt Gabak.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.localnet.com/adv_search.phtml R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - Startup: PowerReg Scheduler.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://start.localnet.com/ O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- End of file - 7164 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080420-213921-488 O4 - HKLM\..\Run: [c4708c23] rundll32.exe "C:\WINDOWS\system32\sgaslwrb.dll",b backup-20080420-213921-633 O21 - SSODL: pmsoarbf - {39FC4B67-4A28-4ADD-8E35-B46929ED0D95} - C:\WINDOWS\pmsoarbf.dll (file missing) backup-20080420-213921-708 O3 - Toolbar: qtvglped - {3D91099B-562D-49EC-BDBD-78C5DE9CAED9} - C:\WINDOWS\qtvglped.dll (file missing) backup-20080420-213921-791 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) backup-20080420-213921-883 O21 - SSODL: omlbpkaw - {1BF900A2-58D6-4F1A-91A5-2996A30BE73A} - C:\WINDOWS\omlbpkaw.dll (file missing) backup-20080423-171857-365 O4 - HKLM\..\Run: [c4708c23] rundll32.exe "C:\WINDOWS\system32\qyaamsiu.dll",b -- File Associations ----------------------------------------------------------- [COLOR=red].reg - regfile - shell\open\command - regedit.exe "%1" %*[/COLOR] [COLOR=red].scr - AutoCADLTScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"[/COLOR] -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys S0 PxHelp20 - c:\windows\system32\drivers\pxhelp20.sys (file missing) S3 catchme - c:\combofix\catchme.sys (file missing) S3 EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - c:\windows\system32\drivers\el90xbc5.sys (file missing) S3 ForteUSB (AUDIOVOX USB Driver Service) - c:\windows\system32\drivers\forteusb.sys S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing) S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Broadcom 440x 10/100 Integrated Controller Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_015F1028&REV_01\4&39A85202&0&08F0 Manufacturer: Broadcom Name: Broadcom 440x 10/100 Integrated Controller PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_015F1028&REV_01\4&39A85202&0&08F0 Service: bcm4sbxp Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318} Description: CD-ROM Drive Device ID: IDE\CDROMSONY_CDRW/DVD_CRX830E___________________KDK3____\5&1C1051F5&0&0.0.0 Manufacturer: (Standard CD-ROM drives) Name: SONY CDRW/DVD CRX830E PNP Device ID: IDE\CDROMSONY_CDRW/DVD_CRX830E___________________KDK3____\5&1C1051F5&0&0.0.0 Service: cdrom -- Scheduled Tasks ------------------------------------------------------------- 2008-04-18 19:22:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-03-23 and 2008-04-23 ----------------------------- 2008-04-22 18:06:11 68096 --a------ C:\WINDOWS\zip.exe 2008-04-22 18:06:11 49152 --a------ C:\WINDOWS\VFind.exe 2008-04-22 18:06:11 212480 --a------ C:\WINDOWS\swxcacls.exe 2008-04-22 18:06:11 136704 --a------ C:\WINDOWS\swsc.exe 2008-04-22 18:06:11 161792 --a------ C:\WINDOWS\swreg.exe 2008-04-22 18:06:11 98816 --a------ C:\WINDOWS\sed.exe 2008-04-22 18:06:11 80412 --a------ C:\WINDOWS\grep.exe 2008-04-22 18:06:11 73728 --a------ C:\WINDOWS\fdsv.exe 2008-04-19 22:39:10 0 dr-h----- C:\Documents and Settings\Matt Gabak\Recent 2008-04-19 17:58:33 0 d-------- C:\Documents and Settings\Matt Gabak\Application Data\Malwarebytes 2008-04-19 17:49:24 0 d-------- C:\Program Files\Trend Micro 2008-04-19 17:37:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-19 17:37:46 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-19 17:37:12 0 d-------- C:\Program Files\Common Files\Download Manager 2008-04-19 17:21:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia 2008-04-19 17:20:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe 2008-04-19 00:23:00 0 d-------- C:\Documents and Settings\Matt Gabak\Application Data\TmpRecentIcons 2008-04-11 22:25:00 0 d-------- C:\Documents and Settings\Matt Gabak\Application Data\Move Networks 2008-04-01 19:46:04 0 d-------- C:\Program Files\MSECache 2008-03-30 14:40:59 0 d-------- C:\Documents and Settings\Matt Gabak\Application Data\vlc 2008-03-30 12:42:30 0 d-------- C:\Documents and Settings\Matt Gabak\Application Data\dvdcss 2008-03-30 12:41:12 0 d-------- C:\Program Files\VideoLAN 2008-03-30 12:25:05 0 d-------- C:\Documents and Settings\Matt Gabak\Application Data\DivX -- Find3M Report --------------------------------------------------------------- 2008-04-19 23:57:05 0 d-------- C:\Program Files\Viewpoint 2008-04-19 23:56:38 0 d-------- C:\Documents and Settings\Matt Gabak\Application Data\Viewpoint 2008-04-19 22:35:10 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-04-19 22:35:05 0 d-------- C:\Program Files\Common Files 2008-04-19 22:35:03 0 d-------- C:\Program Files\TI Education 2008-04-18 23:50:23 17332 --a------ C:\WINDOWS\system32\nvModes.dat 2008-04-07 17:45:29 0 d-------- C:\Documents and Settings\Matt Gabak\Application Data\Skype 2008-04-07 17:31:11 0 d-------- C:\Documents and Settings\Matt Gabak\Application Data\skypePM 2008-03-31 23:06:17 0 d-------- C:\Program Files\DivX 2008-03-26 16:11:47 0 d-------- C:\Program Files\AIM6 2008-03-18 18:32:13 0 d-------- C:\Program Files\Java 2008-02-28 23:54:31 0 d-------- C:\Program Files\iTunes -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-01-08 16:26] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-22 17:23] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-22 17:23] "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 01:21] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38] "IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 17:02] "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09] "Aim6"="" [] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23] C:\Documents and Settings\Matt Gabak\Start Menu\Programs\Startup\ DESKTOP.INI [2002-09-03 10:00:00] PowerReg Scheduler.exe [2004-11-25 19:38:02] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ DESKTOP.INI [2004-08-30 12:26:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=1 (0x1) "disableregistrytools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"=1 (0x1) "AllowUnhashedWebView"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG] BCMSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] C:\WINDOWS\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /installquiet [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WLTRYSVC"=2 (0x2) "ose"=3 (0x3) "McTaskManager"=2 (0x2) "McShield"=2 (0x2) "McAfeeFramework"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a88aefd-8d49-11dc-89d1-009096f26f1f}] AutoRun\command- wscript.exe invisible.vbs copy.bat open\command- wscript.exe invisible.vbs copy.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de65c91a-fca5-11d9-876b-b22f73ddb233}] AutoRun\command- E:\setupSNK.exe -- End of Deckard's System Scanner: finished at 2008-04-23 17:21:33 ------------