Deckard's System Scanner v20071014.68
Run by ennitti on 2008-06-26 11:02:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color=red]System Drive C: has 3.46 GiB (less than 15%) free.[/color]

-- HijackThis (run as ennitti.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:00 AM, on 6/26/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\npf\bin\npfsvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Norman\npf\bin\npfuser.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\download\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ennitti.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ennitti.com/7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Mobilt Kontor.lnk = C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 9675 bytes

-- Files created between 2008-05-26 and 2008-06-26 -----------------------------

2008-06-15 13:23:45 1438178 --a------ C:\SDFix.exe
2008-06-10 12:56:33 0 d-------- C:\MSNCleaner
2008-06-09 17:38:06 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-09 17:38:05 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 13:01:13 0 d-------- C:\Program Files\Sun
2008-06-09 12:42:42 0 d-------- C:\Program Files\Trend Micro
2008-06-09 11:59:18 286090 --a------ C:\Pass2.cmd
2008-06-09 11:57:34 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-06-09 11:57:34 289144 --a------ C:\Windows\system32\VCCLSID.exe
2008-06-09 11:57:34 86528 --a------ C:\Windows\system32\VACFix.exe
2008-06-09 11:57:34 288417 --a------ C:\Windows\system32\SrchSTS.exe
2008-06-09 11:57:34 53248 --a------ C:\Windows\system32\Process.exe
2008-06-09 11:57:34 82944 --a------ C:\Windows\system32\IEDFix.exe
2008-06-09 11:57:34 51200 --a------ C:\Windows\system32\dumphive.exe
2008-06-09 11:57:34 82944 --a------ C:\Windows\system32\404Fix.exe
2008-06-09 11:40:46 0 d-------- C:\Program Files\Quick StartUp
2008-06-09 11:40:13 5092 --a------ C:\Windows\system32\tmp.reg
2008-06-09 11:24:22 0 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-06-09 10:39:56 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-09 00:54:36 0 d-------- C:\Windows\system32\7951
2008-06-07 04:10:09 0 d-------- C:\Temp
2008-06-01 11:13:18 0 d-------- C:\BluRay
2008-05-31 01:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll
2008-05-31 01:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll
2008-05-31 01:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll
2008-05-31 01:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll
2008-05-31 01:22:46 683520 --a------ C:\Windows\system32\DivX.dll
2008-05-26 21:38:51 0 d-------- C:\Program Files\PokerStove

-- Find3M Report ---------------------------------------------------------------

2008-06-26 05:17:31 452704 --a------ C:\Windows\system32\perfh014.dat
2008-06-26 05:17:31 76640 --a------ C:\Windows\system32\perfc014.dat
2008-06-26 05:16:29 0 d-------- C:\Users\ennitti\AppData\Roaming\uTorrent
2008-06-26 04:59:33 0 d-------- C:\Program Files\Poker Tracker V2
2008-06-26 04:55:49 0 d-------- C:\Users\ennitti\AppData\Roaming\Skype
2008-06-26 03:01:54 0 d-------- C:\Users\ennitti\AppData\Roaming\skypePM
2008-06-25 23:57:43 0 d-------- C:\Program Files\Betsafe Poker
2008-06-25 12:30:30 54503 --a------ C:\Users\ennitti\AppData\Roaming\nvModes.001
2008-06-25 12:30:29 54503 --a------ C:\Users\ennitti\AppData\Roaming\nvModes.dat
2008-06-24 20:01:43 0 d-------- C:\Program Files\Norman
2008-06-24 17:28:13 2484 --a------ C:\Windows\bthservsdp.dat
2008-06-24 10:29:49 0 d-------- C:\Users\ennitti\AppData\Roaming\mIRC
2008-06-24 10:29:08 0 d-------- C:\Program Files\mIRC
2008-06-23 00:29:11 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-19 01:24:26 0 d-------- C:\Program Files\InterPoker
2008-06-19 01:20:21 0 d-------- C:\Program Files\SunPoker.com
2008-06-18 13:08:47 1222 --a------ C:\Users\ennitti\AppData\Roaming\wklnhst.dat
2008-06-12 16:40:58 0 d-------- C:\Program Files\DivX
2008-06-10 06:09:46 0 d-------- C:\Program Files\Windows Mail
2008-06-09 17:38:09 0 d-------- C:\Users\ennitti\AppData\Roaming\Malwarebytes
2008-06-09 13:01:05 0 d-------- C:\Program Files\Java
2008-06-01 22:05:53 0 d-------- C:\Program Files\PokerStars
2008-05-23 00:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-23 00:19:46 196608 --a------ C:\Windows\system32\dtu100.dll
2008-05-23 00:19:46 81920 --a------ C:\Windows\system32\dpl100.dll
2008-05-23 00:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-05-15 14:35:49 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-13 17:34:06 0 d-------- C:\Program Files\TmNationsForever
2008-05-11 01:18:53 0 d-------- C:\Program Files\Recover Files
2008-04-27 12:18:35 0 d--h----- C:\Program Files\InstallShield Installation Information

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/13/2007 05:36 AM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [02/13/2007 11:38 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [07/09/2007 04:57 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [07/09/2007 04:57 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [07/09/2007 04:57 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 01:18 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 04:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [12/17/2007 03:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 02:36 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [3/29/2007 2:11:50 PM]
Mobilt Kontor.lnk - C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe [5/10/2007 10:38:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
GPSvcGroup GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\.\start.bat

*Newly Created Service* - MBAMCATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-06-26 11:03:54 ------------