Deckard's System Scanner v20071014.68 Run by numan asghar on 2008-06-21 21:58:59 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 11: 2008-06-20 14:33:23 UTC - RP31 - Installed WOT for Internet Explorer 10: 2008-06-20 08:53:18 UTC - RP63 - Windows Vista Service Pack 1 9: 2008-06-15 04:45:27 UTC - RP30 - Windows Update 8: 2008-06-14 05:23:44 UTC - RP29 - Scheduled Checkpoint 7: 2008-06-13 15:29:33 UTC - RP28 - Windows Update -- First Restore Point -- 1: 2008-06-12 04:05:01 UTC - RP22 - Scheduled Checkpoint Backed up registry hives. Performed disk cleanup. [color=red]Total Physical Memory: 1023 MiB (1024 MiB recommended).[/color] -- HijackThis (run as numan asghar.exe) ---------------------------------------- Unable to find log (file not found); running clone. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-06-21 22:01:25 Platform: Windows Vista (6.00.6000) MSIE: Internet Explorer (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\System32\dwm.exe C:\Windows\System32\taskeng.exe C:\Windows\explorer.exe C:\Program Files\McAfee.com\Agent\mcagent.exe E:\aarzi\CleanUp\dss.exe C:\Windows\System32\conime.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\microsoft office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\microsoft office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\microsoft office\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor2/sis/mjolauncher.cab O16 - DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} (SecureX Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\microsoft office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe O23 - Service: NBService - Unknown owner - C:\Program Files\nero\Nero 7\Nero O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\System32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\System32\PnkBstrA.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 7957 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- All drivers whitelisted. -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-06-06 18:49:52 346 --a------ C:\Windows\Tasks\McQcTask.job 2008-06-06 18:49:52 354 --a------ C:\Windows\Tasks\McDefragTask.job -- Files created between 2008-05-21 and 2008-06-21 ----------------------------- 2008-06-20 22:50:52 0 d-------- C:\Program Files\Internet Tracks Washer 2008-06-20 22:35:06 0 d-------- C:\Program Files\WOT 2008-06-20 22:30:45 0 d-------- C:\Program Files\Innovative Solutions 2008-06-18 19:08:15 0 d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-06-18 16:41:33 0 d-------- C:\Program Files\Windows Live Safety Center 2008-06-15 18:23:48 57344 --a------ C:\Windows\system32\dDsttuvu.dll 2008-06-14 16:56:51 1203 --a------ C:\Windows\mozver.dat 2008-06-12 18:26:41 0 d-------- C:\Users\All Users\MumboJumbo 2008-06-12 15:48:45 0 d-------- C:\Program Files\Common Files\xing shared 2008-06-07 19:44:45 0 d-------- C:\Windows\system32\Adobe 2008-06-07 17:18:16 0 d-------- C:\Users\All Users\PopCap Games 2008-06-06 23:13:02 0 d-------- C:\Users\All Users\Nero 2008-06-06 20:53:53 0 d-------- C:\Local Settings 2008-06-06 19:25:23 0 d-------- C:\c4efd85f24a77578f922955132 2008-06-06 18:22:16 0 d-------- C:\Program Files\McAfee.com 2008-06-06 18:22:14 0 d-------- C:\Program Files\Common Files\McAfee 2008-06-06 18:22:12 0 d-------- C:\Program Files\McAfee 2008-06-06 18:16:38 0 d-------- C:\Users\All Users\McAfee 2008-06-06 15:50:43 0 d-------- C:\Windows\Panther 2008-06-06 15:49:16 0 d-------- C:\Windows\Debug 2008-06-06 15:37:42 0 d--h----- C:\$WINDOWS.~Q 2008-06-06 15:33:14 0 d--h----- C:\$INPLACE.~TR 2008-06-06 14:53:28 0 d-------- C:\2515ed04a7a8c68f892fae50ff7e 2008-06-06 00:26:05 0 d-------- C:\Users\Default\video 2008-06-06 00:00:14 0 dr------- C:\Users\numan asghar\Videos 2008-06-06 00:00:14 0 d--hs---- C:\Users\numan asghar\Templates 2008-06-06 00:00:14 0 d--hs---- C:\Users\numan asghar\Start Menu 2008-06-06 00:00:14 0 d--hs---- C:\Users\numan asghar\SendTo 2008-06-06 00:00:14 0 dr------- C:\Users\numan asghar\Saved Games 2008-06-06 00:00:14 0 d--hs---- C:\Users\numan asghar\Recent 2008-06-06 00:00:14 0 d--hs---- C:\Users\numan asghar\PrintHood 2008-06-06 00:00:14 0 dr------- C:\Users\numan asghar\Pictures 2008-06-06 00:00:14 6029312 --ahs---- C:\Users\numan asghar\NTUSER.DAT 2008-06-06 00:00:14 0 d--hs---- C:\Users\numan asghar\NetHood 2008-06-06 00:00:14 0 d--hs---- C:\Users\numan asghar\My Documents 2008-06-06 00:00:14 0 dr------- C:\Users\numan asghar\Music 2008-06-06 00:00:14 0 d--hs---- C:\Users\numan asghar\Local Settings 2008-06-06 00:00:14 0 dr------- C:\Users\numan asghar\Links 2008-06-06 00:00:14 0 dr------- C:\Users\numan asghar\Favorites 2008-06-06 00:00:14 0 dr------- C:\Users\numan asghar\Downloads 2008-06-06 00:00:14 0 dr------- C:\Users\numan asghar\Documents 2008-06-06 00:00:14 0 dr------- C:\Users\numan asghar\Desktop 2008-06-06 00:00:14 0 d--hs---- C:\Users\numan asghar\Cookies 2008-06-06 00:00:14 0 d--hs---- C:\Users\numan asghar\Application Data 2008-06-06 00:00:14 0 d--h----- C:\Users\numan asghar\AppData 2008-06-05 23:52:03 0 d-------- C:\Windows\Prefetch 2008-06-02 14:42:20 0 d-------- C:\Program Files\CCleaner 2008-05-26 16:28:05 0 d-------- C:\Users\numan asghar\048298C9A4D3490B9FF9AB023A9238F3.TMP -- Find3M Report --------------------------------------------------------------- 2008-06-20 21:43:08 0 d-------- C:\Program Files\Steam 2008-06-15 20:56:43 0 d-------- C:\Users\numan asghar\AppData\Roaming\Azureus 2008-06-13 23:31:10 0 d-------- C:\Program Files\Windows Mail 2008-06-12 15:48:45 0 d-------- C:\Program Files\Common Files 2008-06-12 15:48:30 0 d-------- C:\Program Files\Common Files\Real 2008-06-12 11:09:51 0 d-------- C:\Program Files\Common Files\Steam 2008-06-07 13:24:41 0 d-------- C:\Program Files\Azureus 2008-06-06 23:16:58 0 d-------- C:\Program Files\Common Files\Ahead 2008-06-06 19:52:08 174 --ahs---- C:\Program Files\desktop.ini 2008-06-06 18:31:59 0 d-------- C:\Users\numan asghar\AppData\Roaming\Identities 2008-06-06 17:36:14 0 d-------- C:\Program Files\Windows Calendar 2008-06-06 17:36:10 0 d-------- C:\Program Files\Windows Defender 2008-06-06 16:35:01 0 d-------- C:\Program Files\Windows Sidebar 2008-06-06 00:32:56 21412 --a------ C:\Windows\system32\emptyregdb.dat 2008-06-06 00:24:36 0 d-------- C:\Users\numan asghar\AppData\Roaming\Voipwise 2008-06-06 00:24:36 0 d-------- C:\Users\numan asghar\AppData\Roaming\VoipStunt 2008-06-06 00:24:36 0 d-------- C:\Users\numan asghar\AppData\Roaming\Talkback 2008-06-06 00:24:36 0 d-------- C:\Users\numan asghar\AppData\Roaming\ReGet Software 2008-06-06 00:24:35 0 d-------- C:\Users\numan asghar\AppData\Roaming\Real 2008-06-06 00:24:35 0 d-------- C:\Users\numan asghar\AppData\Roaming\PC Suite 2008-06-06 00:24:34 0 d-------- C:\Users\numan asghar\AppData\Roaming\Nokia 2008-06-06 00:24:34 0 d-------- C:\Users\numan asghar\AppData\Roaming\MusicNet 2008-06-06 00:24:31 0 d-------- C:\Users\numan asghar\AppData\Roaming\Mozilla 2008-06-06 00:24:29 0 d-------- C:\Users\numan asghar\AppData\Roaming\Media Player Classic 2008-06-06 00:24:29 0 d-------- C:\Users\numan asghar\AppData\Roaming\Macromedia 2008-06-06 00:22:43 0 d-------- C:\Users\numan asghar\AppData\Roaming\Apple Computer 2008-06-06 00:22:43 0 d-------- C:\Users\numan asghar\AppData\Roaming\Ahead 2008-06-06 00:22:43 0 d-------- C:\Users\numan asghar\AppData\Roaming\Adobe 2008-06-06 00:07:32 0 d-------- C:\Program Files\WinAce 2008-06-06 00:07:30 0 d-------- C:\Program Files\Voipwise.com 2008-06-06 00:07:30 0 d-------- C:\Program Files\VoipStunt.com 2008-06-06 00:07:25 0 d-------- C:\Program Files\Veoh Networks 2008-06-06 00:06:07 0 d-------- C:\Program Files\ReGetPro 2008-06-06 00:06:07 0 d-------- C:\Program Files\real 2008-06-06 00:05:59 0 d-------- C:\Program Files\QuickTime 2008-06-06 00:05:47 0 d-------- C:\Program Files\PC Connectivity Solution 2008-06-06 00:05:46 0 d-------- C:\Program Files\Nokia 2008-06-06 00:05:28 0 d-------- C:\Program Files\nero 2008-06-06 00:05:27 0 d-------- C:\Program Files\MTV Networks 2008-06-06 00:05:27 0 d-------- C:\Program Files\MSN Messenger 2008-06-06 00:05:26 0 d-------- C:\Program Files\MSBuild 2008-06-06 00:05:23 0 d-------- C:\Program Files\Motorola 2008-06-06 00:05:23 0 d-------- C:\Program Files\Microsoft.NET 2008-06-06 00:05:23 0 d-------- C:\Program Files\Microsoft Works 2008-06-06 00:05:23 0 d-------- C:\Program Files\Microsoft Visual Studio 8 2008-06-06 00:04:30 0 d-------- C:\Program Files\KingMania 2008-06-06 00:04:28 0 d-------- C:\Program Files\K-Lite Codec Pack 2008-06-06 00:04:19 0 d-------- C:\Program Files\Java 2008-06-06 00:04:05 0 d-------- C:\Program Files\iTunes 2008-06-06 00:03:59 0 d-------- C:\Program Files\iPod 2008-06-06 00:03:59 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-06-06 00:03:54 0 d-------- C:\Program Files\Infogrames 2008-06-06 00:03:54 0 d-------- C:\Program Files\Golden FTP Server 2008-06-06 00:03:54 0 d-------- C:\Program Files\DIFX 2008-06-06 00:03:54 0 d-------- C:\Program Files\Creative 2008-06-06 00:03:52 0 d-------- C:\Program Files\Common Files\ReGet Shared 2008-06-06 00:03:50 0 d-------- C:\Program Files\Common Files\PCSuite 2008-06-06 00:03:40 0 d-------- C:\Program Files\Common Files\Java 2008-06-06 00:03:40 0 d-------- C:\Program Files\Common Files\InstallShield 2008-06-06 00:03:20 0 d-------- C:\Program Files\Common Files\Apple 2008-06-06 00:03:13 0 d-------- C:\Program Files\Common Files\Adobe 2008-06-06 00:03:00 0 d-------- C:\Program Files\ATI 2008-06-06 00:02:59 0 d-------- C:\Program Files\Apple Software Update -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}] 05/20/2008 11:31 AM 2343584 --a------ C:\Program Files\WOT\WOT.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{71576546-354D-41C9-AAE8-31F2EC22BF0D}"= C:\Program Files\WOT\WOT.dll [05/20/2008 11:31 AM 2343584] [-HKEY_CLASSES_ROOT\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}] [HKEY_CLASSES_ROOT\WOT.WOTBar.1] [HKEY_CLASSES_ROOT\WOT.WOTBar] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DontDisplayLogonHoursWarnings"=1 (0x1) "LogonHoursAction"=2 (0x2) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{14370F76-7676-44A2-AD11-93A31C5FC9FC}"= C:\Windows\system32\dDsttuvu.dll [06/15/2008 06:23 PM 57344] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] "c:\program files\steam\steam.exe" -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "Steam"="c:\program files\steam\steam.exe" -silent "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 8744 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-06-21 22:08:19 ------------