Deckard's System Scanner v20071014.68
Run by Dean on 2008-05-12 14:06:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
36: 2008-05-12 09:23:25 UTC - RP710 - ComboFix created restore point
35: 2008-05-11 14:11:40 UTC - RP709 - Windows Defender Checkpoint
34: 2008-05-10 13:41:37 UTC - RP707 - Made by Registry Mechanic
33: 2008-05-10 12:07:52 UTC - RP705 - Installed SUPERAntiSpyware Professional
32: 2008-05-09 10:22:45 UTC - RP704 - Windows Update

-- First Restore Point --
1: 2008-04-15 06:46:40 UTC - RP659 - Shockwave Player

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Dean.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07, on 2008-05-12
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Users\Dean\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dean\Desktop\Dean.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\4516\toolbaru.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\4516\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\4516\toolbaru.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2882924703-1901972603-1568058881-501\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Gast')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9508 bytes

-- HijackThis Fixed Entries (C:\Users\Dean\Desktop\backups\) -------------------

backup-20080512-110728-249
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
backup-20080512-110729-360
O4 - HKCU\..\Run: [qhdgenkic] c:\users\dean\appdata\local\qhdgenkic.exe qhdgenkic

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 PSI - c:\windows\system32\drivers\psi_mf.sys
S3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys
S3 z520mdfl (Sony Ericsson 520 USB WMC Modem Filter) - c:\windows\system32\drivers\z520mdfl.sys
S3 z520mdm (Sony Ericsson 520 USB WMC Modem Drivers) - c:\windows\system32\drivers\z520mdm.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 Bonjour Service (Bonjour-Dienst) - "c:\program files\bonjour\mdnsresponder.exe"
R2 IJPLMSVC (PIXMA Extended Survey Program) - c:\program files\canon\ijplm\ijplmsvc.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe
S3 NMIndexingService - "c:\program files\common files\nero\lib\nmindexingservice.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-12 14:05:29 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{86815DAC-522D-45AA-9D56-D49FBC84033A}.job
2008-05-12 13:29:01 256 --a------ C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job

-- Files created between 2008-04-12 and 2008-05-12 -----------------------------

2008-05-12 13:47:56 161792 --a------ C:\Windows\swreg.exe
2008-05-12 13:47:06 68096 --a------ C:\Windows\zip.exe
2008-05-12 13:47:06 49152 --a------ C:\Windows\VFind.exe
2008-05-12 13:47:06 136704 --a------ C:\Windows\swsc.exe
2008-05-12 13:47:06 98816 --a------ C:\Windows\sed.exe
2008-05-12 13:47:06 80412 --a------ C:\Windows\grep.exe
2008-05-12 13:47:06 73728 --a------ C:\Windows\fdsv.exe
2008-05-12 13:46:45 212480 --a------ C:\Windows\swxcacls.exe
2008-05-11 16:20:59 0 d-------- C:\Program Files\BearShare
2008-05-11 11:16:13 356352 --a------ C:\Windows\Adlerflug3DUninstaller.exe
2008-05-11 11:16:13 10039296 --a------ C:\Windows\Adlerflug3D.scr
2008-05-10 14:08:40 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-10 14:08:25 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-09 21:53:10 0 d-------- C:\Users\All Users\Messenger Plus!
2008-05-09 21:49:47 0 d-------- C:\Program Files\Messenger Plus! Live
2008-05-09 21:35:34 0 d-------- C:\Program Files\StuffPlug3
2008-05-05 18:38:43 0 d-------- C:\Program Files\Lavasoft
2008-05-05 18:38:42 0 d-------- C:\Users\All Users\Lavasoft
2008-05-03 22:06:26 0 d-------- C:\Users\All Users\SweetIM
2008-05-03 22:06:26 0 d-------- C:\Program Files\SweetIM
2008-04-23 17:26:17 0 d-------- C:\Program Files\Flash Slideshow Maker Professional
2008-04-19 21:25:41 0 d-------- C:\Windows\system32\URTTEMP
2008-04-19 18:35:41 0 d-------- C:\MicrosoftKB928080
2008-04-16 17:22:45 0 d-------- C:\X-Plane 9.00r2
2008-04-15 08:47:16 0 d-------- C:\Windows\system32\Adobe
2008-04-12 10:33:34 0 d-------- C:\Users\Dean\.thumbnails

-- Find3M Report ---------------------------------------------------------------

2008-05-11 19:23:29 0 d-------- C:\Program Files\BearShare Applications
2008-05-11 16:20:29 0 d-------- C:\Users\Dean\AppData\Roaming\AVG7
2008-05-10 21:09:39 632160 --a------ C:\Windows\system32\perfh007.dat
2008-05-10 21:09:39 128224 --a------ C:\Windows\system32\perfc007.dat
2008-05-10 14:08:25 0 d-------- C:\Users\Dean\AppData\Roaming\SUPERAntiSpyware.com
2008-05-10 14:07:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-09 18:22:06 0 d-------- C:\Program Files\ICQ6
2008-05-09 16:45:16 0 d-------- C:\Program Files\ICQToolbar
2008-05-09 16:41:20 0 d-------- C:\Users\Dean\AppData\Roaming\ICQ
2008-04-22 14:22:54 0 d-------- C:\Program Files\Safari
2008-04-22 14:21:19 0 d-------- C:\Program Files\Apple Software Update
2008-04-21 14:37:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-21 14:12:24 0 d-------- C:\Program Files\Microsoft Games
2008-04-21 14:04:39 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-04-21 14:03:30 0 d-------- C:\Program Files\MSECACHE
2008-04-18 10:31:21 0 d-------- C:\Program Files\Common Files\Logishrd
2008-04-12 10:33:34 0 d-------- C:\Users\Dean\AppData\Roaming\gtk-2.0
2008-04-10 12:40:27 0 d-------- C:\Users\Dean\AppData\Roaming\Opera
2008-04-10 12:40:03 0 d-------- C:\Program Files\Opera
2008-04-06 16:45:11 0 d-------- C:\Program Files\Common Files
2008-04-06 16:45:11 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-03 09:38:44 0 d-------- C:\Program Files\iTunes
2008-04-03 09:38:24 0 d-------- C:\Program Files\iPod
2008-04-03 09:37:19 0 d-------- C:\Program Files\QuickTime
2008-04-02 16:47:56 0 d-------- C:\Users\Dean\AppData\Roaming\U3
2008-04-02 11:31:57 0 d-------- C:\Users\Dean\AppData\Roaming\Real
2008-04-02 11:26:45 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-02 11:26:41 0 d-------- C:\Program Files\Common Files\Real
2008-04-02 11:26:29 0 d-------- C:\Program Files\Real
2008-03-28 16:40:27 0 d-------- C:\Users\Dean\AppData\Roaming\UpdateStar
2008-03-24 19:06:18 0 d-------- C:\Program Files\MessengerSkinner
2008-03-24 16:27:25 0 d-------- C:\Program Files\InternetGameBox
2008-03-21 14:24:37 0 d-------- C:\Program Files\Secunia
2008-03-20 11:07:01 0 d-------- C:\Program Files\Java
2008-03-20 09:56:54 0 d-------- C:\Program Files\IKEA HomePlanner
2008-03-19 10:21:51 174 --ahs---- C:\Program Files\desktop.ini
2008-03-19 10:11:53 0 d-------- C:\Program Files\Windows Calendar
2008-03-19 10:11:52 0 d-------- C:\Program Files\Windows Sidebar
2008-03-19 10:11:52 0 d-------- C:\Program Files\Movie Maker
2008-03-19 10:11:50 0 d-------- C:\Program Files\Windows Mail
2008-03-19 10:11:47 0 d-------- C:\Program Files\Windows Collaboration
2008-03-19 10:11:45 0 d-------- C:\Program Files\Windows Journal
2008-03-19 10:11:44 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-19 10:11:33 0 d-------- C:\Program Files\Windows Defender
2008-03-19 08:40:34 0 d-------- C:\Program Files\Nero
2008-03-18 15:15:35 0 d-------- C:\Program Files\NeroInstall.bak
2008-03-14 08:34:09 0 d-------- C:\Users\Dean\AppData\Roaming\Mozilla
2008-03-14 08:33:51 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-02 11:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-16 07:07 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-13 01:00]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-13 01:00]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-13 01:00]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 C:\Windows\KHALMNPR.Exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 15:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [24.09.2007 13:46:40]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [27.02.2008 08:48:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-03-01 06:51 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WudfServiceGroup WUDFSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{557c2d43-c72d-11db-9d09-806e6f6e6963}]
AutoRun\command- D:\autorun.exe
directx\command- D:\DirectX9\dxsetup.exe
setup\command- D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df1b9623-008c-11dd-8dce-0017316c1bc6}]
AutoRun\command- L:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-05-12 14:08:49 ------------