I had to run this in safe mode.
Deckard's System Scanner v20071014.68
Run by Kyle on 2008-05-18 16:50:16
Computer is in Safe Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
13: 2008-05-17 23:10:47 UTC - RP297 - Windows Update
12: 2008-05-17 00:12:00 UTC - RP296 - Windows Update
11: 2008-05-16 16:15:22 UTC - RP295 - Windows Update
10: 2008-05-16 01:21:37 UTC - RP294 - Scheduled Checkpoint
9: 2008-05-14 23:13:21 UTC - RP293 - Windows Update
-- First Restore Point --
1: 2008-05-06 21:41:38 UTC - RP285 - Windows Update
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Kyle.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:27 PM, on 18/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Users\Kyle\Desktop\dss.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kyle.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.c...://ca.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: (no name) - {8648B8E9-D95F-44F5-A9C5-B96341F2078B} - C:\Windows\system32\aclu.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NI.UGDC_0001_N122M1912] "C:\Users\Kyle\Downloads\installer_en.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AntiSpyKit 5.3] "C:\Program Files\AntiSpyKit 5.3\AntiSpyKit 5.3.exe" /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: waffyqgqj.lnk = C:\Windows\System32\waffyqgqj.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 9420 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 NCPro - c:\windows\system32\drivers\mtictwl.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
S3 MagicTune - c:\windows\system32\drivers\mtictwl.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 AcerMemUsageCheckService (ePerformance Service) - c:\acer\empowering technology\eperformance\memcheck.exe <Not Verified; ; MemCheck.Service>
S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\3&2411E6FE&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\3&2411E6FE&0
Service: i8042prt
-- Scheduled Tasks -------------------------------------------------------------
2008-05-12 03:00:00 494 --a------ C:\Windows\Tasks\AdwareAlert Scheduled Scan.job
-- Files created between 2008-04-18 and 2008-05-18 -----------------------------
2008-05-16 21:54:20 0 d-------- C:\327882R2FWJFW
2008-05-15 22:26:14 57344 --a------ C:\Windows\system32\waffyqgqj.exe <WAFFYQ~1.EXE> <Not Verified; Company; setup>
2008-05-14 23:42:52 0 d-------- C:\Program Files\LimeWire
2008-05-12 15:39:20 68096 --a------ C:\Windows\zip.exe
2008-05-12 15:39:20 49152 --a------ C:\Windows\VFind.exe
2008-05-12 15:39:20 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-12 15:39:20 98816 --a------ C:\Windows\sed.exe
2008-05-12 15:39:20 80412 --a------ C:\Windows\grep.exe
2008-05-12 15:39:20 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-12 15:39:19 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-12 15:39:19 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-11 23:18:30 0 d-------- C:\Program Files\Trend Micro
2008-05-11 22:18:52 0 d-------- C:\BFU
2008-05-11 22:02:52 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-05-07 23:33:58 0 d-------- C:\Program Files\SCAR 3.12
2008-05-05 16:54:02 0 d-------- C:\Program Files\iPod
2008-05-05 16:53:43 0 d-------- C:\Program Files\iTunes
2008-05-05 16:51:53 0 d-------- C:\Program Files\QuickTime
2008-05-05 16:38:43 0 d-------- C:\Program Files\Apple Software Update
2008-05-04 17:43:48 0 d-------- C:\Windows\.jagex_cache_32
2008-05-04 16:22:44 0 d-------- C:\Windows\Sun
2008-04-28 18:31:09 0 d-------- C:\Users\Kyle\Documents
2008-04-28 15:57:37 0 d-------- C:\Program Files\GameSpy Arcade
2008-04-24 23:16:03 0 d-------- C:\Program Files\SpeederXP
2008-04-19 15:31:02 0 d-------- C:\Program Files\directx
-- Find3M Report ---------------------------------------------------------------
2008-05-15 22:29:16 0 d-------- C:\Users\Kyle\AppData\Roaming\LimeWire
2008-05-13 21:56:46 0 d-------- C:\Program Files\Windows Mail
2008-05-11 23:17:36 0 d-------- C:\Users\Kyle\AppData\Roaming\TrojanHunter
2008-05-11 22:27:28 0 d-------- C:\Users\Kyle\AppData\Roaming\Xfire
2008-05-11 22:26:17 0 d-------- C:\Program Files\Cheat Engine
2008-05-10 16:30:59 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-05-01 15:59:33 0 d-------- C:\Program Files\Microsoft Games
2008-04-30 15:26:01 0 d-------- C:\Program Files\Xfire
2008-04-28 18:16:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-22 18:40:29 0 d-------- C:\Program Files\Norton 360
2008-04-14 21:54:58 0 d-------- C:\Users\Kyle\AppData\Roaming\GetRightToGo
2008-04-14 21:54:30 0 d-------- C:\Program Files\CoolSpeech
2008-04-11 23:12:16 0 d-------- C:\Program Files\AntiSpyKit 5.3
2008-04-07 16:47:05 235413 --a------ C:\Windows\hpqins16.dat
2008-04-07 16:46:33 0 d-------- C:\Program Files\HP
2008-04-02 22:08:57 0 d-------- C:\Program Files\World of Warcraft
2008-03-30 21:28:38 0 d-------- C:\Program Files\Gpotato
2008-03-22 15:41:26 0 d-------- C:\Program Files\Java
2008-03-20 14:37:45 0 d-------- C:\Program Files\Helper
2008-03-04 16:34:21 130987 --a------ C:\Windows\hpoins12.dat
2008-03-01 21:20:41 0 --a------ C:\Windows\nsreg.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8648B8E9-D95F-44F5-A9C5-B96341F2078B}]
C:\Windows\system32\aclu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [16/08/2007 10:49 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/04/2007 12:21 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/04/2007 12:21 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/04/2007 12:21 AM]
"RtHDVCpl"="RtHDVCpl.exe" [15/02/2007 03:07 AM C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [24/01/2007 11:27 AM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [07/02/2007 01:04 AM]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [02/02/2007 01:24 PM]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [02/02/2007 12:05 PM]
"eRecoveryService"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/12/2006 09:52 PM]
"hid_start"="C:\Windows\system32\gzmrotate.dll" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09/03/2007 12:09 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [17/07/2007 07:54 PM]
"NI.UGDC_0001_N122M1912"="C:\Users\Kyle\Downloads\installer_en.exe" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 06:38 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]
"AntiSpyKit 5.3"="C:\Program Files\AntiSpyKit 5.3\AntiSpyKit 5.3.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [25/03/2008 07:08 PM]
"MRT"="C:\Windows\system32\MRT.exe" [09/05/2008 03:35 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [08/01/2008 11:41 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 06:35 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [05/03/2007 03:57 PM]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [15/02/2007 07:39 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seekmo\Startup\
waffyqgqj.lnk - C:\Windows\System32\waffyqgqj.exe [15/05/2008 10:26:14 PM]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [30/04/2007 4:18:28 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [02/01/2007 9:40:10 PM]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [16/08/2007 10:10:43 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [28/04/2008 11:20:00 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e95458b-4c69-11dc-b728-806e6f6e6963}]
AutoRun\command- E:\setup.exe /autorun
directx\command- E:\DirectX\dxsetup.exe
setup\command- E:\setup.exe
*Newly Created Service* - COMHOST
*Newly Created Service* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-05-18 16:52:38 ------------