Deckard's System Scanner v20070905.67
Run by Owner on 2008-03-27 16:14:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
80: 2008-03-27 21:14:48 UTC - RP183 - Deckard's System Scanner Restore Point
79: 2008-03-27 02:39:09 UTC - RP182 - System Checkpoint
78: 2008-03-26 02:14:14 UTC - RP181 - Removed Google Earth.
77: 2008-03-26 02:13:46 UTC - RP180 - Installed Google Earth
76: 2008-03-25 16:11:14 UTC - RP179 - System Checkpoint
-- First Restore Point --
1: 2008-01-24 21:46:56 UTC - RP104 - Removed GameTap
Performed disk cleanup.
Total Physical Memory: 504 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:02 PM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omaha.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - c:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7874 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\Trend Micro\HijackThis\backups\) ------
backup-20080124-190526-159 O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')
backup-20080124-190526-185 O4 - .DEFAULT Startup: Compaq Organize.lnk = ? (User 'Default user')
backup-20080124-190526-219 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
backup-20080124-190526-251 O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
backup-20080124-190526-428 O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
backup-20080124-190526-439 O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
backup-20080124-190526-518 O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
backup-20080124-190526-614 O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
backup-20080124-190526-632 O4 - .DEFAULT User Startup: Compaq Organize.lnk = ? (User 'Default user')
backup-20080124-190526-697 O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
backup-20080124-190526-804 O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
backup-20080124-190526-830 O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')
backup-20080124-190526-838 O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
backup-20080124-190606-681 O24 - Desktop Component 0: (no name) - http://x.myspace.com...s/onlinenow.gif
backup-20080124-190847-233 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
backup-20080321-182940-102 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080321-182940-114 O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
backup-20080321-182940-128 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20080321-182940-334 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
backup-20080321-182940-386 O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
backup-20080321-182940-802 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20080321-182940-920 O9 - Extra button: (no name) - AutorunsDisabled - (no file)
backup-20080321-182940-948 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S2 CSS DVP - c:\windows\system32\drivers\css-dvp.sys (file missing)
S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
S3 XDva009 - c:\windows\system32\xdva009.sys (file missing)
S3 XDva016 - c:\windows\system32\xdva016.sys (file missing)
S3 XDva020 - c:\windows\system32\xdva020.sys (file missing)
S3 XDva022 - c:\windows\system32\xdva022.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 dvpapi - "c:\program files\common files\command software\dvpapi.exe" <Not Verified; Command Software Systems, Inc.; Command AntiVirus for Windows>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S2 omniserv (Softex OmniPass Service) - c:\program files\softex\omnipass\omniserv.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\system32\winlogon.exe (pid 500)
2007-04-19 12:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
C:\WINDOWS\explorer.exe (pid 1664)
2004-11-23 17:51:04 192512 --a------ C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll <Not Verified; MarkAny Cooperation.; MACSMGR Module>
2006-12-20 12:55:48 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
2006-04-07 10:00:00 5120 --a------ C:\Program Files\WinZip\WZSHLSTB.DLL <Not Verified; WinZip Computing LP; WinZip>
2007-02-27 11:39:26 61440 --a------ C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware Context Menu Extension>
2007-09-20 18:34:58 129024 --a------ C:\Program Files\WinRAR\RarExt.dll
-- Scheduled Tasks -------------------------------------------------------------
2008-03-21 17:15:00 376 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2008-02-27 and 2008-03-27 -----------------------------
2008-03-26 07:03:38 0 d-------- C:\WINDOWS\LastGood
2008-03-25 21:16:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-24 23:25:07 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-03-21 18:50:28 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-21 18:50:14 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-21 18:49:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-21 18:33:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-03-21 18:33:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-20 20:50:33 0 d-------- C:\Program Files\Viewpoint
2008-03-17 23:45:23 0 d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-03-17 23:45:23 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-16 21:08:50 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-03-16 20:37:27 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-16 20:37:14 0 d-------- C:\Program Files\Windows Live
2008-03-16 20:36:35 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-14 03:04:23 0 d-------- C:\Program Files\MSXML 6.0
2008-03-12 17:03:59 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-12 17:01:40 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-03-12 16:58:11 0 d-------- C:\f3ecfe40b74543bc84e9d151
2008-03-09 11:03:02 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-03-07 18:07:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Emulators
2008-03-06 18:18:20 0 d-------- C:\Program Files\iTunes
2008-03-06 18:13:33 0 d-------- C:\Program Files\Common Files\Apple
2008-03-05 21:11:12 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-29 21:53:26 0 d--hs---- C:\found.000
2008-02-28 15:09:09 0 d-------- C:\Program Files\Disney
-- Find3M Report ---------------------------------------------------------------
2008-03-26 21:15:55 0 d-------- C:\Program Files\Dl_cats
2008-03-26 20:59:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-03-26 19:08:01 0 d-------- C:\Documents and Settings\Owner\Application Data\Intuit
2008-03-26 07:04:36 0 d-------- C:\Program Files\Panda Security
2008-03-26 07:03:04 10046 --a------ C:\WINDOWS\mozver.dat
2008-03-25 21:16:08 0 d-------- C:\Program Files\Google
2008-03-23 18:38:30 0 d-------- C:\Program Files\SpywareBlaster
2008-03-21 18:50:14 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-21 18:49:36 0 d-------- C:\Program Files\Common Files
2008-03-20 20:50:52 0 d-------- C:\Program Files\AIM6
2008-03-20 17:33:34 0 d-------- C:\Program Files\WM Converter
2008-03-19 20:16:30 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-03-19 20:16:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-19 20:13:30 0 d-------- C:\Program Files\TurboTax
2008-03-18 10:27:54 0 d-------- C:\Program Files\KXploit Tool
2008-03-17 23:45:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-03-17 23:44:36 0 d-------- C:\Program Files\Common Files\Skype
2008-03-16 20:30:34 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-09 11:03:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-03-06 18:18:41 0 d-------- C:\Program Files\iPod
2008-03-06 18:17:06 0 d-------- C:\Program Files\QuickTime
2008-02-14 17:53:34 0 d-------- C:\Program Files\FirstClass
2008-02-10 12:15:41 0 d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-02-02 16:47:52 0 d-------- C:\Program Files\Common Files\AOL
2008-01-31 22:19:59 0 d-------- C:\Program Files\Zune
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/13/2002 11:42 PM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [07/31/2002 10:28 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [11/09/2004 04:41 PM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [01/11/2008 06:54 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/14/2007 11:39 PM]
"LTMSG"="LTMSG.exe" [07/14/2003 10:52 AM C:\WINDOWS\ltmsg.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/25/2008 9:16:06 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [11/23/2004 05:51 PM 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
*Newly Created Service* - GUSVC
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{19081054-F27C-28E3-0207-030202010102}]
C:\WINDOWS\system32\windowsplug.exe
-- End of Deckard's System Scanner: finished at 2008-03-27 16:19:52 ------------