C:\Documents and Settings\joxaal\Desktop\jt\crap\setup_ares.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03212008_215711
Deckard's System Scanner v20071014.68
Run by joxaal on 2008-03-21 21:58:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
84: 2008-03-22 02:58:32 UTC - RP566 - Deckard's System Scanner Restore Point
83: 2008-03-21 23:22:10 UTC - RP565 - Installed Java 6 Update 5
82: 2008-03-21 21:16:44 UTC - RP564 - Installed SUPERAntiSpyware Free Edition
81: 2008-03-21 18:01:19 UTC - RP563 - Deckard's System Scanner Restore Point
80: 2008-03-21 09:46:58 UTC - RP562 - System Checkpoint
-- First Restore Point --
1: 2008-01-08 06:34:31 UTC - RP483 - System Checkpoint
Performed disk cleanup.
System Drive C: has 9.88 GiB (less than 15%) free.
-- HijackThis (run as joxaal.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:40 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\joxaal\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\joxaal.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8823 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080321-150449-317 O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
backup-20080321-150449-789 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker\RunApp.exe (file missing)
backup-20080321-150449-943 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker\RunApp.exe (file missing)
backup-20080321-161147-943 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe"%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\SYSTEM32\winlogon.exe (pid 716)
2007-04-19 12:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
C:\WINDOWS\explorer.exe (pid 2516)
2006-12-20 12:55:48 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
-- Scheduled Tasks -------------------------------------------------------------
2008-03-21 20:06:58 566 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - joxaal.job
2008-03-21 18:13:24 440 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-03-21 10:18:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-20 07:05:15 374 --a------ C:\WINDOWS\Tasks\RegCure.job
-- Files created between 2008-02-21 and 2008-03-21 -----------------------------
2008-03-21 18:29:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-21 18:29:33 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-21 18:29:32 0 d-------- C:\WINDOWS\LastGood
2008-03-21 16:17:02 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-21 16:16:45 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-21 16:16:45 0 d-------- C:\Documents and Settings\joxaal\Application Data\SUPERAntiSpyware.com
2008-03-21 15:29:40 0 d-------- C:\Documents and Settings\joxaal\Application Data\Malwarebytes
2008-03-21 15:29:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-21 15:29:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-21 14:18:53 3694 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-15 23:53:13 0 d-------- C:\Program Files\RegCure
2008-03-15 23:43:13 0 d-------- C:\Program Files\RegistryFix
2008-03-15 23:34:59 0 d-------- C:\Documents and Settings\joxaal\Application Data\Uniblue
2008-03-15 23:34:55 0 d-------- C:\Program Files\Uniblue
2008-03-14 21:41:35 0 d-------- C:\WINDOWS\system32\appmgmt
2008-03-09 16:11:35 0 d-------- C:\WINDOWS\network diagnostic
2008-03-09 15:16:42 0 d-------- C:\Program Files\Trend Micro
2008-03-09 14:25:43 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-09 14:25:43 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-09 14:25:43 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-09 14:25:43 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-09 12:46:47 0 d-------- C:\Program Files\Enigma Software Group
2008-03-09 02:26:09 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-09 02:26:09 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-09 02:26:09 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-09 02:26:09 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-09 02:26:09 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-09 02:26:09 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-09 02:26:08 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-08 23:50:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 23:18:27 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-25 19:08:09 266240 -----n--- C:\WINDOWS\SBCDSL.exe <Not Verified; TODO: <Company name>; TODO: <Product name>>
-- Find3M Report ---------------------------------------------------------------
2008-03-21 18:25:18 0 d-------- C:\Program Files\Java
2008-03-21 18:15:36 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-21 16:16:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 21:34:03 0 d-------- C:\Program Files\SolidWorks
2008-03-15 21:21:42 0 d-------- C:\Program Files\Jasc Software Inc
2008-03-15 21:15:24 0 d-------- C:\Program Files\Common Files\aolshare
2008-03-14 21:42:01 0 d-------- C:\Program Files\Common Files
2008-03-14 21:29:06 0 d-------- C:\Program Files\Ahead
2008-03-14 21:28:50 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-14 21:11:16 0 d-------- C:\Program Files\Viewpoint
2008-03-10 19:13:56 0 d-------- C:\Program Files\Norton Internet Security
2008-03-08 23:50:40 0 d-------- C:\Program Files\Lavasoft
2008-03-08 15:30:49 0 d-------- C:\Program Files\Symantec
2008-02-27 19:43:43 0 d-------- C:\Documents and Settings\joxaal\Application Data\Adobe
2008-02-19 21:29:55 0 d-------- C:\Program Files\Zoom
2008-02-19 21:29:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-15 23:35:33 0 d-------- C:\Documents and Settings\joxaal\Application Data\Identities
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM]
"P17Helper"="P17.dll" [06/10/2004 11:51 AM C:\WINDOWS\SYSTEM32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 08:12 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/28/2004 07:21 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/25/2006 03:54 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [03/23/2004 12:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/24/2006 04:24 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 08:15 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/11/2004 11:43 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 10:05 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/28/2006 10:51 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [09/05/2006 09:22 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Steam"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]
C:\Documents and Settings\joxaal\Start Menu\Programs\Startup\
DESKTOP.INI [3/20/2004 12:58:38 PM]
PowerReg Scheduler.exe [1/28/2005 9:02:35 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/21/2004 9:30:38 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
*Newly Created Service* - COMHOST
-- End of Deckard's System Scanner: finished at 2008-03-21 21:59:44 ------------