Deckard's System Scanner v20071014.68 Run by Marie Klofenstine on 2008-05-25 09:11:27 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable...success. -- Last 1 Restore Point(s) -- 1: 2008-05-25 13:11:44 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Marie Klofenstine.exe) ----------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:21:19 AM, on 5/25/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\1XConfig.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\RegSrvc.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Dell\Bluetooth Software\BTTray.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Marie Klofenstine\Desktop\Deckard.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Marie Klofenstine.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rcboe.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206665744287 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206665895705 O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://walmart.digitalcameradeveloping.com/upload/FujifilmUploadClient.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 9293 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 APPDRV - c:\windows\system32\drivers\appdrv.sys R1 OMCI - c:\windows\system32\drivers\omci.sys R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.2.1.0) - c:\windows\system32\drivers\mdc8021x.sys R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" R2 RegSrvc - c:\windows\system32\regsrvc.exe -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-05-25 08:59:15 486 --a------ C:\WINDOWS\Tasks\SDMsgUpdate (TE).job 2008-05-02 08:04:53 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-04-25 and 2008-05-25 ----------------------------- 2008-05-24 22:44:13 0 d-------- C:\Program Files\Trend Micro 2008-05-24 21:51:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan 2008-05-24 21:51:03 0 d-------- C:\Program Files\Security Task Manager 2008-05-24 20:42:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe 2008-05-24 16:17:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-24 14:57:01 0 d--hs---- C:\WINDOWS\CSC 2008-05-24 14:49:26 0 d-------- C:\Documents and Settings\Administrator\Favorites 2008-05-24 14:49:26 0 d-------- C:\Documents and Settings\Administrator\Desktop 2008-05-24 14:49:26 0 d--hs---- C:\Documents and Settings\Administrator\Cookies 2008-05-24 14:49:26 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2008-05-24 14:49:26 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2008-05-24 14:49:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer 2008-05-24 14:49:25 0 d--h----- C:\Documents and Settings\Administrator\Templates 2008-05-24 14:49:25 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2008-05-24 14:49:25 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2008-05-24 14:49:25 0 d--h----- C:\Documents and Settings\Administrator\Recent 2008-05-24 14:49:25 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2008-05-24 14:49:25 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2008-05-24 14:49:25 0 d-------- C:\Documents and Settings\Administrator\My Documents 2008-05-24 14:49:25 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2008-05-24 14:49:24 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2008-05-23 22:37:01 0 d-------- C:\Program Files\XPMedic 2008-05-23 10:52:28 0 d-------- C:\Documents and Settings\Marie Klofenstine\Outlook 2008-05-23 10:52:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-05-23 08:47:24 0 d-------- C:\WINDOWS\system32\NtmsData 2008-05-02 08:04:50 0 d-------- C:\Program Files\Apple Software Update 2008-04-27 11:03:45 0 d-------- C:\Documents and Settings\Marie Klofenstine\System 2008-04-27 11:03:45 0 d-------- C:\Documents and Settings\Marie Klofenstine\Application Data\SmartDraw 2008-04-27 11:00:56 0 d-------- C:\Program Files\SmartDraw 2008 -- Find3M Report --------------------------------------------------------------- 2008-05-25 08:59:16 0 d-------- C:\Program Files\Symantec AntiVirus 2008-05-09 21:15:22 11853 --a------ C:\WINDOWS\system32\nvModes.dat 2008-04-26 11:57:44 0 d-------- C:\Program Files\Microsoft Silverlight 2008-04-09 22:01:09 0 d-------- C:\Documents and Settings\Marie Klofenstine\Application Data\Apple Computer 2008-04-09 07:17:46 0 dr------- C:\Documents and Settings\Marie Klofenstine\Application Data\Brother 2008-04-08 22:21:35 0 d-------- C:\Program Files\iTunes 2008-04-08 22:21:25 0 d-------- C:\Program Files\iPod 2008-04-08 22:21:08 0 d-------- C:\Program Files\Bonjour 2008-04-08 22:21:02 0 d-------- C:\Program Files\QuickTime 2008-04-08 22:19:58 0 d-------- C:\Program Files\Common Files 2008-04-08 22:19:58 0 d-------- C:\Program Files\Common Files\Apple 2008-04-07 15:14:58 50 --a------ C:\WINDOWS\system32\bridf06a.dat 2008-04-07 15:14:28 0 d-------- C:\Program Files\Brother 2008-04-07 15:14:20 0 d-------- C:\Program Files\Common Files\InstallShield 2008-04-07 15:14:11 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-04-03 20:17:12 0 d-------- C:\Documents and Settings\Marie Klofenstine\Application Data\Windows Desktop Search 2008-04-03 12:58:32 0 d-------- C:\Program Files\Windows Desktop Search 2008-04-03 12:34:52 0 d--h----- C:\Program Files\CanonBJ 2008-04-03 12:32:54 0 d-------- C:\Documents and Settings\Marie Klofenstine\Application Data\Gtek 2008-04-03 12:26:31 0 d-------- C:\Program Files\Canon 2008-04-01 21:01:40 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-04-01 10:54:37 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-04-01 10:53:15 0 d-------- C:\Program Files\Symantec 2008-04-01 10:46:19 0 d-------- C:\Program Files\Dell Printers 2008-03-31 10:47:51 0 d-------- C:\Program Files\Common Files\Outlook Security Manager 2008-03-31 10:41:16 0 d-------- C:\Documents and Settings\Marie Klofenstine\Application Data\R-Mail for Outlook Demo 2008-03-31 10:20:59 0 d-------- C:\Program Files\EASIS 2008-03-28 21:43:03 0 d-------- C:\Program Files\Microsoft Works 2008-03-28 21:42:39 0 d-------- C:\Program Files\Microsoft Small Business 2008-03-28 21:39:30 0 d-------- C:\Program Files\Microsoft.NET 2008-03-28 21:39:00 0 d-------- C:\Program Files\Microsoft SQL Server 2008-03-28 21:37:10 0 d-------- C:\Program Files\MSXML 6.0 2008-03-28 14:41:44 0 d-------- C:\Program Files\Messenger 2008-03-28 13:31:18 0 d-------- C:\Documents and Settings\Marie Klofenstine\Application Data\Adobe 2008-03-28 13:27:26 0 d-------- C:\Program Files\Common Files\Adobe 2008-03-27 21:35:00 0 d-------- C:\Program Files\ProPlus.WW 2008-03-27 21:09:49 0 d-------- C:\Documents and Settings\Marie Klofenstine\Application Data\Macromedia 2008-03-27 19:37:03 0 d-------- C:\Program Files\InterVideo 2008-03-27 18:39:29 0 d-------- C:\Documents and Settings\Marie Klofenstine\Application Data\Sun 2008-03-27 18:39:28 0 d-------- C:\Program Files\Java 2008-03-27 18:39:19 0 d-------- C:\Program Files\Common Files\Java 2008-03-27 18:37:56 4 -----n--- C:\Documents and Settings\Marie Klofenstine\Application Data\QSPMShare 2008-03-27 18:37:42 0 d-------- C:\Program Files\Dell 2008-03-27 18:36:11 0 d-------- C:\Program Files\Intel 2008-03-27 18:33:14 0 d-------- C:\Program Files\Broadcom 2008-03-27 18:31:02 0 d-------- C:\Program Files\SigmaTel 2008-03-27 18:30:17 0 d-------- C:\Program Files\Apoint 2008-03-27 18:29:20 0 d-------- C:\Program Files\CONEXANT 2008-03-27 18:20:17 0 d-------- C:\Program Files\Dell Computer Corporation 2008-03-25 21:11:23 0 d-------- C:\Documents and Settings\Marie Klofenstine\Application Data\Identities 2008-03-25 20:54:51 0 d-------- C:\Program Files\microsoft frontpage 2008-03-25 20:54:14 0 -r-hs---- C:\MSDOS.SYS 2008-03-25 20:54:14 0 -r-hs---- C:\IO.SYS 2008-03-25 20:54:14 0 -----n--- C:\CONFIG.SYS 2008-03-25 20:54:14 0 -----n--- C:\AUTOEXEC.BAT 2008-03-25 20:53:10 0 d--h----- C:\Program Files\WindowsUpdate 2008-03-25 20:52:25 0 d-------- C:\Program Files\Common Files\MSSoap 2008-03-25 20:52:16 0 d-------- C:\Program Files\Movie Maker 2008-03-25 20:51:31 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat 2008-03-25 20:51:14 0 d-------- C:\Program Files\Online Services 2008-03-25 20:51:07 0 d-------- C:\Program Files\MSN Gaming Zone 2008-03-25 20:50:59 0 d-------- C:\Program Files\Windows NT 2008-03-25 15:35:45 0 d-------- C:\Program Files\Common Files\ODBC 2008-03-25 15:35:43 0 d-------- C:\Program Files\Common Files\SpeechEngines 2008-03-25 15:35:21 62 ---hs---- C:\Documents and Settings\Marie Klofenstine\Application Data\desktop.ini -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 06:00 AM C:\WINDOWS\system32\bthprops.cpl] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/26/2004 01:01 PM] "nwiz"="nwiz.exe" [10/26/2004 01:01 PM C:\WINDOWS\system32\nwiz.exe] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 12:33 PM] "PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [05/28/2003 06:32 PM] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [10/07/2004 08:44 PM] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/02/2005 09:21 AM] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/23/2005 07:27 PM] "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [06/28/2006 07:46 AM] "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [06/29/2006 12:18 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [4/26/2004 6:13:54 PM] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring] C:\WINDOWS\system32\LgNotify.dll 01/12/2004 07:55 AM 110592 C:\WINDOWS\system32\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74c197c0-268c-11dd-b39a-000cf15e5a44}] AutoRun\command- E:\Autorun.exe /run Shell00\Command- E:\Autorun.exe /run Shell01\Command- E:\Autorun.exe /action Shell02\Command- E:\Autorun.exe /uninstall -- End of Deckard's System Scanner: finished at 2008-05-25 09:27:22 ------------