Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-20 18:54:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
25: 2008-05-20 22:55:52 UTC - RP297 - Deckard's System Scanner Restore Point
24: 2008-05-20 19:49:17 UTC - RP296 - Software Distribution Service 3.0
23: 2008-05-20 18:51:03 UTC - RP295 - Removed Microsoft Office Professional 2007 Trial
22: 2008-05-20 18:48:10 UTC - RP294 - Removed SAPI 5.1 Text-to-Speech
21: 2008-05-20 18:42:07 UTC - RP293 - Removed Microsoft Works 6.0

-- First Restore Point --
1: 2008-05-15 05:41:35 UTC - RP273 - Software Distribution Service 3.0

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:23 PM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\LTMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\fix\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: Earthlink.lnk = ? (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1193626600328
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.33.7/ttinst.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Spyware Protection Service (AOLService) - Advanced Micro Devices, Inc. - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7867 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Owner\Desktop\fix\backups\) -----------

backup-20080520-042612-126 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080520-042612-261 O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
backup-20080520-042612-304 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080520-042612-355 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080520-042612-393 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20080520-042612-489 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
backup-20080520-042612-575 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080520-042612-592 O4 - HKCU\..\Run: [NTSpool ] C:\WINDOWS\system32\NTSpool.exe
backup-20080520-042612-658 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.811.com/saecs.html
backup-20080520-052153-142 O4 - S-1-5-18 Startup: Earthlink.lnk = ? (User 'SYSTEM')
backup-20080520-052153-251 O23 - Service: AOL Spyware Protection Service (AOLService) - Advanced Micro Devices, Inc. - (no file)
backup-20080520-052153-681 O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
backup-20080520-052153-747 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080520-052153-779 O4 - .DEFAULT User Startup: Earthlink.lnk = ? (User 'Default user')
backup-20080520-052153-925 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.811.com/saecs.html
backup-20080520-052153-957 O4 - .DEFAULT Startup: Earthlink.lnk = ? (User 'Default user')
backup-20080520-052153-967 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20080520-052402-333 O4 - .DEFAULT User Startup: Earthlink.lnk = ? (User 'Default user')
backup-20080520-092100-549 O4 - .DEFAULT User Startup: Earthlink.lnk = ? (User 'Default user')
backup-20080520-092101-861 O23 - Service: AOL Spyware Protection Service (AOLService) - Advanced Micro Devices, Inc. - (no file)

-- File Associations -----------------------------------------------------------

[COLOR=red].scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"[/COLOR]

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BIOS - c:\windows\system32\drivers\bios.sys
R1 BS_I2cIo - c:\windows\system32\drivers\bs_i2cio.sys
R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys
R1 NetworkX - c:\windows\system32\ckldrv.sys
R1 USIUDF - c:\windows\system32\drivers\usiudf.sys
R3 Freedom (FREEDOM Miniport) - c:\windows\system32\drivers\freedom.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys
R3 wandrv (WAN Network Driver) - c:\windows\system32\drivers\wandrv.sys

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys (file missing)
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys (file missing)
S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
S3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys
S3 ezplay (VSO Software ezplay) - c:\windows\system32\drivers\ezplay.sys
S3 iteio - c:\windows\system32\drivers\iteio.sys
S3 PCDRDRV (Pcdr CPU Helper Driver) - c:\windows\system32\drivers\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys
S3 ULCDRHlp - c:\windows\system32\drivers\ulcdrhlp.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe"
R2 Crypkey License - crypserv.exe
R2 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe

S2 AOLService (AOL Spyware Protection Service) -
S2 NVSvc (NVIDIA Driver Helper Service) - c:\windows\system32\nvsvc32.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.
-- Process Modules -------------------------------------------------------------

C:\WINDOWS\SYSTEM32\winlogon.exe (pid 1412)
2006-08-25 11:45:55 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

C:\WINDOWS\SYSTEM32\svchost.exe (pid 1640)
2006-08-25 11:45:55 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

C:\WINDOWS\SYSTEM32\svchost.exe (pid 152)
2006-08-25 11:45:55 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
2006-02-28 12:42:30 94208 --a------ C:\Program Files\Bonjour\mdnsNSP.dll

C:\WINDOWS\explorer.exe (pid 1884)
2006-08-25 11:45:55 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

C:\WINDOWS\SYSTEM32\svchost.exe (pid 2188)
2006-08-25 11:45:55 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

C:\WINDOWS\SYSTEM32\svchost.exe (pid 2536)
2006-08-25 11:45:55 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

-- Scheduled Tasks -------------------------------------------------------------

2008-05-20 18:28:19 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-19 07:30:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-04-20 and 2008-05-20 -----------------------------

2008-05-20 13:35:05 0 d-------- C:\Program Files\WinAVI MP4 Converter
2008-05-20 13:17:36 9502720 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-05-20 04:51:42 0 d-------- C:\Program Files\Alwil Software
2008-05-20 03:28:50 0 d-------- C:\NoLopBackups
2008-05-20 02:11:39 0 d-------- C:\WINDOWS\ERUNT
2008-05-19 17:11:57 0 d-------- C:\Program Files\Panda Security
2008-05-19 16:44:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-19 16:43:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-19 16:43:42 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-15 09:43:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-15 09:43:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 09:43:16 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 09:42:56 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-10 13:00:22 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-09 16:08:42 262144 --a------ C:\Documents and Settings\Application Data\NTUSER.DAT
2008-05-03 18:45:04 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-30 19:53:29 0 d-------- C:\Program Files\Reference Assemblies
2008-04-30 17:15:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-26 13:01:03 0 d-------- C:\Program Files\Big Mutha Truckers

-- Find3M Report ---------------------------------------------------------------

2008-05-20 14:33:04 0 d-------- C:\Program Files\NextUp-Acapela
2008-05-20 14:31:06 0 d-------- C:\Program Files\MySpace
2008-05-20 13:35:07 0 d-------- C:\Program Files\ExtractNow
2008-05-20 12:20:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 12:19:14 0 d-------- C:\Program Files\AFT software
2008-05-20 08:48:00 0 d-------- C:\Program Files\DigiMode
2008-05-20 03:32:30 0 d-------- C:\Program Files\811 Toolbar
2008-05-19 17:11:59 8239 --a----c- C:\WINDOWS\mozver.dat
2008-05-19 15:48:13 0 d-------- C:\Program Files\Java
2008-05-19 15:46:34 0 d-------- C:\Program Files\Common Files\Java
2008-05-18 19:10:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-15 09:42:56 0 d-a------ C:\Program Files\Common Files
2008-05-10 12:59:58 0 d-------- C:\Program Files\Common Files\Real
2008-05-02 14:52:22 0 d-------- C:\Program Files\Windows Defender
2008-04-30 19:54:44 0 d-------- C:\Program Files\MSBuild
2008-04-24 22:32:30 0 d-------- C:\Program Files\Apple Software Update
2008-04-19 10:02:41 0 d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-04-08 23:06:45 0 d-------- C:\Program Files\DivX
2008-04-03 22:38:41 0 d-------- C:\Program Files\iTunes
2008-04-03 22:35:21 0 d-------- C:\Program Files\QuickTime
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-27 19:50:08 0 d-------- C:\Program Files\iPod
2008-03-27 19:47:00 0 d-------- C:\Program Files\HP
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" []
"LTMSG"="LTMSG.exe" [07/14/2003 11:52 AM C:\WINDOWS\ltmsg.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]
"VTTimer"="VTTimer.exe" [09/21/2006 04:36 PM C:\WINDOWS\SYSTEM32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 04:28 PM C:\WINDOWS\soundman.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 08:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 09:56 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/20/2008 06:24 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 5:45:42 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/20/2008 06:24 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 05/20/2008 06:24 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^hc_tray.lnk]
backup=C:\WINDOWS\pss\hc_tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NTSpool ]

*Newly Created Service* - SASDIFSV

-- End of Deckard's System Scanner: finished at 2008-05-20 19:02:48 ------------