Deckard's System Scanner v20071014.68 Run by Dominik on 2008-06-07 20:09:00 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable...success. -- Last 1 Restore Point(s) -- 1: 2008-06-08 00:09:14 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Dominik.exe) --------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:12:38 PM, on 6/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\iftuyszv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\444.0 C:\Program Files\OpenSSH\bin\cygrunsrv.exe C:\WINDOWS\portsv.exe C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe C:\Program Files\OpenSSH\usr\sbin\sshd.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe C:\Documents and Settings\Dominik\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Dominik.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wildgames.com/ECS/htdocs/ecs_selectpackage.aspx?dp=hplaptop&itemname=polargolfer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:3128 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe, O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file) O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file) O2 - BHO: (no name) - {129FA2A1-408C-4824-83A4-5001581FD01E} - C:\WINDOWS\system32\cbXQkjgd.dll O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file) O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file) O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file) O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file) O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file) O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file) O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file) O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file) O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file) O2 - BHO: (no name) - {5B976551-9C85-451C-9E65-F145B52B5591} - C:\WINDOWS\system32\opnmNHXq.dll O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file) O2 - BHO: {e1829d9b-d50a-4e79-84a4-03b651ceda37} - {73adec15-6b30-4a48-97e4-a05db9d9281e} - C:\WINDOWS\system32\wrktwdtl.dll O2 - BHO: targetedbanner browser optimizer - {772df410-aa81-7b5d-85e8-86344ce27d70} - C:\WINDOWS\system32\{afd553a8-c339-23a5-aab0-c127e65b7a4e}.dll O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file) O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file) O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file) O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file) O2 - BHO: SBBho Class - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - C:\WINDOWS\TinyBHO.dll O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file) O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file) O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file) O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file) O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file) O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file) O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175453733218 O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.comcast.net/videomail/vmLauncher.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinner.com/games/v50/chess/chess.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab O16 - DPF: {DCEA263C-75E9-4029-F6AA-37F011CC4EF1} (IM2Webconference) - http://dialcom.com/spontania/download/SpontaniaVideoCollaboration.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5312/mcfscan.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: cbXQkjgd - C:\WINDOWS\SYSTEM32\cbXQkjgd.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.0.exe (file missing) O23 - Service: OpenSSH Server (OpenSSHd) - Unknown owner - C:\Program Files\OpenSSH\bin\cygrunsrv.exe O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 16025 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing) S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing) S3 giveio - c:\windows\system32\giveio.sys S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\444.0 service R2 OpenSSHd (OpenSSH Server) - c:\program files\openssh\bin\cygrunsrv.exe R2 PlugPlayRPC (Plug and Play (RPC)) - c:\windows\portsv.exe service R2 SansaService (Sansa Updater Service) - c:\program files\sandisk\sansa updater\sansasvr.exe R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-06-07 13:46:58 344 --a------ C:\WINDOWS\Tasks\McDefragTask.job 2008-06-07 13:46:53 336 --a------ C:\WINDOWS\Tasks\McQcTask.job -- Files created between 2008-05-07 and 2008-06-07 ----------------------------- 2008-06-07 19:08:46 0 d-------- C:\Program Files\Trend Micro 2008-06-07 17:15:12 8448 --a------ C:\WINDOWS\sistem.exe 2008-06-07 17:15:09 17664 --a------ C:\WINDOWS\notepad32.exe 2008-06-07 17:15:09 19456 --a------ C:\WINDOWS\mtwirl32.dll 2008-06-07 17:15:06 8448 --a------ C:\WINDOWS\iexplorer.exe 2008-06-07 17:15:04 15360 --a------ C:\WINDOWS\explore.exe 2008-06-07 16:45:49 11520 --a------ C:\WINDOWS\y.exe 2008-06-07 16:45:49 31744 --a------ C:\WINDOWS\xplugin.dll 2008-06-07 16:45:49 15360 --a------ C:\WINDOWS\x.exe 2008-06-07 16:45:49 28160 --a------ C:\WINDOWS\winmgnt.exe 2008-06-07 16:45:49 14592 --a------ C:\WINDOWS\window.exe 2008-06-07 16:45:48 24064 --a------ C:\WINDOWS\winajbm.dll 2008-06-07 16:45:48 21248 --a------ C:\WINDOWS\win64.exe 2008-06-07 16:45:48 16128 --a------ C:\WINDOWS\win32e.exe 2008-06-07 16:45:48 30720 --a------ C:\WINDOWS\waol.exe 2008-06-07 16:45:48 31232 --a------ C:\WINDOWS\users32.exe 2008-06-07 16:45:47 11264 --a------ C:\WINDOWS\time.exe 2008-06-07 16:45:47 27392 --a------ C:\WINDOWS\systemcritical.exe 2008-06-07 16:45:47 10752 --a------ C:\WINDOWS\systeem.exe 2008-06-07 16:45:47 20736 --a------ C:\WINDOWS\olehelp.exe 2008-06-07 16:45:46 12800 --a------ C:\WINDOWS\cpan.dll 2008-06-07 16:45:45 29440 --a------ C:\WINDOWS\clrssn.exe 2008-06-07 16:45:45 8448 --a------ C:\WINDOWS\avpcc.dll 2008-06-07 16:45:45 13056 --a------ C:\WINDOWS\accesss.exe 2008-06-07 16:27:17 0 d-------- C:\WINDOWS\CSC 2008-06-07 15:47:44 0 d--h----- C:\WINDOWS\system32\GroupPolicy 2008-06-07 13:34:20 0 d-------- C:\Program Files\McAfee.com 2008-06-07 13:27:26 0 d-------- C:\Program Files\Common Files\McAfee 2008-06-07 13:26:20 0 d-------- C:\Program Files\McAfee 2008-06-07 12:45:24 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2008-06-07 10:54:41 0 d-------- C:\WINDOWS\McAfee.com 2008-06-07 10:25:55 92160 --a------ C:\WINDOWS\system32\roqbbuxv.dll 2008-06-07 10:19:46 108544 --a------ C:\WINDOWS\system32\wrktwdtl.dll 2008-06-07 10:15:22 101376 --a------ C:\WINDOWS\system32\irhwwtgo.dll 2008-06-07 09:53:22 0 d-------- C:\Documents and Settings\Administrator.KOMMIE\Cookies 2008-06-07 09:53:22 0 d-------- C:\Documents and Settings\Administrator.KOMMIE\Application Data 2008-06-07 09:53:22 0 d-------- C:\Documents and Settings\Administrator.KOMMIE\Application Data\Microsoft 2008-06-07 09:53:21 0 d-------- C:\Documents and Settings\Administrator.KOMMIE\Local Settings 2008-06-07 09:53:20 0 d-------- C:\Documents and Settings\Administrator.KOMMIE\Templates 2008-06-07 09:53:19 524288 --ah----- C:\Documents and Settings\Administrator.KOMMIE\NTUSER.DAT 2008-06-06 19:36:21 6291456 --a------ C:\Documents and Settings\Dominik\ntuser.dat 2008-06-06 19:36:18 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat 2008-06-06 19:35:44 742291 --ahs---- C:\WINDOWS\system32\qXHNmnpo.ini2 2008-06-06 19:35:39 347136 --a------ C:\WINDOWS\system32\opnmNHXq.dll 2008-06-06 19:33:42 0 d-------- C:\WINDOWS\system32\8376 2008-06-06 19:33:35 55808 --a------ C:\WINDOWS\portsv.exe 2008-06-06 18:34:29 16896 --a------ C:\WINDOWS\svcinit.exe 2008-06-06 18:34:29 16384 --a------ C:\WINDOWS\svchost32.exe 2008-06-06 18:34:28 18944 --a------ C:\WINDOWS\searchword.dll 2008-06-06 18:34:28 27648 --a------ C:\WINDOWS\rundll16.exe 2008-06-06 18:34:27 12032 --a------ C:\WINDOWS\quicken.exe 2008-06-06 18:34:27 8448 --a------ C:\WINDOWS\qttasks.exe 2008-06-06 18:34:25 28672 --a------ C:\WINDOWS\mswsc20.dll 2008-06-06 18:34:24 31744 --a------ C:\WINDOWS\mswsc10.dll 2008-06-06 18:34:24 25856 --a------ C:\WINDOWS\msupdate.exe 2008-06-06 18:34:23 28672 --a------ C:\WINDOWS\mssys.exe 2008-06-06 18:34:22 14080 --a------ C:\WINDOWS\msspi.dll 2008-06-06 18:34:22 18688 --a------ C:\WINDOWS\msconfd.dll 2008-06-06 18:34:22 17920 --a------ C:\WINDOWS\loader.exe 2008-06-06 18:34:22 26368 --a------ C:\WINDOWS\internet.exe 2008-06-06 18:34:21 9216 --a------ C:\WINDOWS\inetinf.exe 2008-06-06 18:34:21 22272 --a------ C:\WINDOWS\iedll.exe 2008-06-06 18:34:20 23808 --a------ C:\WINDOWS\helpcvs.exe 2008-06-06 18:34:20 17152 --a------ C:\WINDOWS\gfmnaaa.dll 2008-06-06 18:34:20 8448 --a------ C:\WINDOWS\funny.exe 2008-06-06 18:34:20 15104 --a------ C:\WINDOWS\funniest.exe 2008-06-06 18:34:20 22272 --a------ C:\WINDOWS\explorer32.exe 2008-06-06 18:34:19 16896 --a------ C:\WINDOWS\editpad.exe 2008-06-06 18:34:19 20736 --a------ C:\WINDOWS\dnsrelay.dll 2008-06-06 18:34:18 30720 --a------ C:\WINDOWS\directx32.exe 2008-06-06 18:34:18 13824 --a------ C:\WINDOWS\ctrlpan.dll 2008-06-06 18:34:17 29696 --a------ C:\WINDOWS\ctfmon32.exe 2008-06-06 18:26:52 0 d-------- C:\WINDOWS\system32\xrem 2008-06-06 18:26:52 0 d-------- C:\WINDOWS\system32\NMP 2008-06-06 18:26:52 0 d-------- C:\WINDOWS\system32\inet2 2008-06-06 18:26:52 0 d-------- C:\WINDOWS\system32\expo 2008-06-06 18:26:52 0 d-------- C:\WINDOWS\system32\105772 2008-06-06 18:26:51 0 d-------- C:\WINDOWS\system32\btz 2008-06-06 18:26:41 0 d-------- C:\WINDOWS\system32\vntiho06 2008-06-06 18:25:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia 2008-06-06 18:25:12 4 --a------ C:\WINDOWS\system32\hljwugsf.bin 2008-06-06 18:24:54 87511 --a------ C:\WINDOWS\system32\iftuyszv.exe 2008-06-06 18:24:31 0 --a------ C:\WINDOWS\system32\lpcywinp.exe 2008-06-06 18:24:06 42496 --a------ C:\WINDOWS\system32\qoMfgDVn.dll 2008-06-06 18:24:06 42496 --a------ C:\WINDOWS\system32\ddcCSKeB.dll 2008-06-06 18:23:33 58880 --a------ C:\WINDOWS\system32\efcYQGyW.dll 2008-06-06 18:23:31 58880 --a------ C:\WINDOWS\system32\fccbBSji.dll 2008-06-06 18:23:20 42496 --a------ C:\WINDOWS\system32\qoMEvUoO.dll 2008-06-06 18:23:18 42496 --a------ C:\WINDOWS\system32\jkkIyyYP.dll 2008-06-06 18:22:49 58880 --a------ C:\WINDOWS\system32\fccyXQih.dll 2008-06-06 18:22:48 58880 --a------ C:\WINDOWS\system32\urqPfDUL.dll 2008-06-06 18:21:24 59392 --a------ C:\WINDOWS\system32\cbXQkjgd.dll 2008-05-26 11:54:44 366080 --a------ C:\WINDOWS\system32\{afd553a8-c339-23a5-aab0-c127e65b7a4e}.dll 2008-05-18 00:47:52 0 d-------- C:\Program Files\EA GAMES 2008-05-18 00:47:51 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2008-05-14 14:13:54 77824 --a------ C:\WINDOWS\h8907435.exe 2008-05-14 13:08:04 217088 --a------ C:\WINDOWS\TinyBHO.dll -- Find3M Report --------------------------------------------------------------- 2008-06-07 19:52:12 0 d-------- C:\Program Files\DAEMON Tools 2008-06-07 13:27:26 0 d-------- C:\Program Files\Common Files 2008-06-06 18:26:40 0 d-------- C:\Documents and Settings\Dominik\Application Data\uTorrent 2008-06-06 18:25:33 0 d-------- C:\Program Files\mIRC 2008-06-06 18:10:15 0 d-------- C:\Documents and Settings\Dominik\Application Data\Skype 2008-06-02 00:00:04 0 d-------- C:\Documents and Settings\Dominik\Application Data\skypePM 2008-05-10 09:30:20 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-05-04 15:59:16 0 d-------- C:\Program Files\DOSBox-0.72 2008-05-02 20:28:07 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-05-02 20:26:48 0 d-------- C:\Program Files\Common Files\Skype 2008-04-26 22:43:18 0 d-------- C:\Program Files\Starcraft 2008-04-25 20:38:39 0 d-------- C:\Documents and Settings\Dominik\Application Data\LimeWire 2008-04-23 06:26:04 0 d-------- C:\Program Files\TomTom HOME 2 2008-04-18 00:13:56 0 d-------- C:\Documents and Settings\Dominik\Application Data\Gadu-Gadu 2008-04-09 15:13:41 0 d-------- C:\Documents and Settings\Dominik\Application Data\Snapfish 2008-03-09 13:48:12 34807 --a------ C:\WINDOWS\scunin.dat 2008-03-09 13:48:09 967 --a------ C:\WINDOWS\ScUnin.pif 2008-03-09 13:48:09 70656 --a------ C:\WINDOWS\ScUnin.exe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{129FA2A1-408C-4824-83A4-5001581FD01E}] 06/06/2008 06:21 PM 59392 --a------ C:\WINDOWS\system32\cbXQkjgd.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B976551-9C85-451C-9E65-F145B52B5591}] 06/06/2008 07:35 PM 347136 --a------ C:\WINDOWS\system32\opnmNHXq.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73adec15-6b30-4a48-97e4-a05db9d9281e}] 06/07/2008 10:19 AM 108544 --a------ C:\WINDOWS\system32\wrktwdtl.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{772df410-aa81-7b5d-85e8-86344ce27d70}] 05/26/2008 11:54 AM 366080 --a------ C:\WINDOWS\system32\{afd553a8-c339-23a5-aab0-c127e65b7a4e}.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9803b12-f0a0-11dc-95ff-0800200c9a66}] 05/14/2008 01:08 PM 217088 --a------ C:\WINDOWS\TinyBHO.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04/03/2007 06:29 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 04:00 PM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/17/2007 03:48 AM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [4/1/2007 9:00:07 PM] HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 1:39:30 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme "DisableTaskMgr"=1 (0x1) "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=1 (0x1) "NoDispAppearancePage"=0 (0x0) "NoColorChoice"=0 (0x0) "NoSizeChoice"=0 (0x0) "NoDispBackgroundPage"=0 (0x0) "NoDispScrSavPage"=0 (0x0) "NoDispCPL"=0 (0x0) "NoVisualStyleChoice"=0 (0x0) "NoDispSettingsPage"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktopChanges"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoWindowsUpdate"=0 (0x0) "NoSaveSettings"=0 (0x0) "NoThemesTab"=0 (0x0) "NoBandCustomize"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [10/09/2004 03:18 PM 49152] "{129FA2A1-408C-4824-83A4-5001581FD01E}"= C:\WINDOWS\system32\cbXQkjgd.dll [06/06/2008 06:21 PM 59392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe," "System"=" " [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXQkjgd] cbXQkjgd.dll 06/06/2008 06:21 PM 59392 C:\WINDOWS\system32\cbXQkjgd.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\opnmNHXq [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMef3da55b] Rundll32.exe "C:\WINDOWS\system32\irhwwtgo.dll",s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch] C:\WINDOWS\system32\taskswitch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ec0e96c7] rundll32.exe "C:\WINDOWS\system32\roqbbuxv.dll",b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyInsights] "C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000] C:\WINDOWS\vVX3000.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000] C:\WINDOWS\vVX6000.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{f063af96-1ced-976e-fcf8-31e32391e179}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{afd553a8-c339-23a5-aab0-c127e65b7a4e}.dll" DllStart [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62a70133-be2d-11dc-b823-0014a5e36fb2}] AutoRun\command- H:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ef45742-e041-11db-b7c7-806d6172696f}] AutoRun\command- D:\Setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc72b809-952b-11dc-b80e-0014a5e36fb2}] AutoRun\command- H:\InstallTomTomHOME.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{035C8BE1-1A47-D921-0606-030204040601}] C:\WINDOWS\system32\vspool.exe -- End of Deckard's System Scanner: finished at 2008-06-07 20:17:07 ------------