07-31-2008, 01:17 AM   #5
3066843
Registered User
 
Join Date: Jul 2008
Posts: 18
OS: xp


Re: explorer.exe keeps restarting(icons folders close)

Thanks for responding. Here is the log you requested.

Deckard's System Scanner v20071014.68
Run by John Le on 2008-07-31 17:22:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as John Le.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:24 PM, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Documents and Settings\John Le\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOHNLE~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://au.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {43924C9C-DC4D-4C90-BD4A-0D9F6BCE536E} - C:\WINDOWS\system32\khfDtQKb.dll (file missing)
O2 - BHO: (no name) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?bcedacc655764656a9da93988bf51eca
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?bcedacc655764656a9da93988bf51eca
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=21871
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 10640 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-30 22:15:38 0 dr-h----- C:\Documents and Settings\John Le\Recent
2008-07-26 19:13:55 0 d-------- C:\Program Files\RegCure
2008-07-26 17:59:10 0 d-------- C:\Archivos de programa
2008-07-23 18:02:06 0 d-------- C:\Program Files\Panda Security
2008-07-23 17:58:17 0 d-------- C:\ie-spyad_zo
2008-07-23 17:38:25 0 d-------- C:\Program Files\Trend Micro
2008-07-23 17:26:52 0 d-------- C:\Program Files\SpywareBlaster
2008-07-23 17:18:10 0 d-------- C:\Program Files\CCleaner
2008-07-23 16:30:39 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-23 16:30:29 0 d-------- C:\Documents and Settings\John Le\Application Data\DAEMON Tools
2008-07-22 21:47:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-22 21:47:00 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-22 21:47:00 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-22 21:47:00 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-22 21:47:00 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-22 21:47:00 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-22 21:47:00 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-22 21:47:00 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-22 21:47:00 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-22 21:47:00 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-22 18:57:17 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-22 18:55:25 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-22 18:55:24 0 d-------- C:\Documents and Settings\John Le\Application Data\SUPERAntiSpyware.com
2008-07-22 18:54:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-22 18:20:50 0 d-------- C:\Program Files\Alwil Software
2008-07-22 17:53:42 0 d-------- C:\VundoFix Backups
2008-07-22 17:15:47 0 d-------- C:\Program Files\SpeedOptimizer
2008-07-19 17:33:26 417648 --ahs---- C:\WINDOWS\system32\bKQtDfhk.ini2
2008-07-17 21:12:57 0 d-------- C:\WoW-2.0.0-enUS-Installer
2008-07-17 21:12:42 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-17 13:57:17 0 d-------- C:\Documents and Settings\John Le\Application Data\My Games
2008-07-17 12:56:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-07-16 13:02:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-07-14 18:27:50 0 d-------- C:\Program Files\GamesCampus
2008-07-13 21:17:26 0 d-------- C:\Documents and Settings\John Le\Application Data\Wildfire
2008-07-13 14:29:36 4096 --a------ C:\WINDOWS\d3dx.dat
2008-07-13 14:16:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-13 14:16:31 0 d-------- C:\Program Files\GamesCafe.com
2008-07-13 14:15:14 0 d-------- C:\Program Files\eMule
2008-07-13 14:12:14 0 d-------- C:\Program Files\RealArcade
2008-07-11 09:31:44 0 d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-07-11 09:31:39 0 d-------- C:\Documents and Settings\John Le\Application Data\SpeedBit
2008-07-09 14:39:19 0 d-------- C:\Program Files\Messenger Plus! Live
2008-07-07 16:14:49 0 d--h----- C:\WINDOWS\PIF
2008-07-06 13:47:24 0 d-------- C:\Program Files\Chicken Invaders 3
2008-07-06 13:47:15 0 d-------- C:\Program Files\ReflexiveArcade


-- Find3M Report ---------------------------------------------------------------

2008-07-31 16:59:44 0 d-------- C:\Documents and Settings\John Le\Application Data\DMCache
2008-07-30 22:24:59 40 --a------ C:\WINDOWS\system32\profile.dat
2008-07-30 21:27:17 0 d-------- C:\Documents and Settings\John Le\Application Data\Vso
2008-07-30 21:27:16 668 --a------ C:\Documents and Settings\John Le\Application Data\vso_ts_preview.xml
2008-07-25 20:01:19 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-23 21:57:51 0 d-------- C:\Documents and Settings\John Le\Application Data\uTorrent
2008-07-23 17:26:29 0 d-------- C:\Program Files\Shockwave.com
2008-07-22 18:54:48 0 d-------- C:\Program Files\Common Files
2008-07-22 17:25:06 0 d-------- C:\Documents and Settings\John Le\Application Data\Azureus
2008-07-19 17:17:04 0 d-------- C:\Program Files\Azureus
2008-07-19 16:53:04 0 d-------- C:\Documents and Settings\John Le\Application Data\BitTorrent
2008-07-13 21:01:40 0 d-------- C:\Documents and Settings\John Le\Application Data\dvdcss
2008-07-09 14:39:19 0 d-------- C:\Program Files\Windows Live
2008-07-09 14:39:19 0 d-------- C:\Program Files\MSN Messenger
2008-06-28 20:39:02 0 d-------- C:\Documents and Settings\John Le\Application Data\PlayFirst
2008-06-14 19:15:28 0 d-------- C:\Program Files\Sun
2008-06-14 19:15:07 0 d-------- C:\Program Files\Java
2008-06-12 21:31:05 0 d-------- C:\Documents and Settings\John Le\Application Data\IDM
2008-06-11 18:53:43 0 d-------- C:\Documents and Settings\John Le\Application Data\Adobe
2008-06-11 18:53:03 1291 --a------ C:\WINDOWS\mozver.dat
2008-06-11 08:29:26 0 d-------- C:\Program Files\Incomplete
2008-06-10 17:46:06 0 d-------- C:\Program Files\uTorrent
2008-06-10 17:17:58 0 d-------- C:\Program Files\AskSBar
2008-06-10 17:13:10 0 d-------- C:\Documents and Settings\John Le\Application Data\LimeWire
2008-06-10 17:12:49 0 d-------- C:\Program Files\LimeWire
2008-06-07 13:39:04 0 d-------- C:\Program Files\ChickenInvadersTNWXmasdemo
2008-05-21 17:10:18 34 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.log
2008-05-21 17:10:00 47360 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-21 17:10:00 1144 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.inf
2008-05-21 17:10:00 7887 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.cat
2008-05-12 18:42:48 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-05-07 18:16:07 299 --a------ C:\WINDOWS\EReg515.dat
2008-05-06 17:02:54 0 --a------ C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43924C9C-DC4D-4C90-BD4A-0D9F6BCE536E}]
C:\WINDOWS\system32\khfDtQKb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
10/06/2008 05:17 PM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [10/06/2008 05:17 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [05/07/2007 06:08 PM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [15/06/2007 06:45 PM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 08:43 PM C:\WINDOWS\Alcmtr.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [02/11/2004 07:24 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/10/2005 11:42 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [15/11/2005 12:28 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28 AM]
"EPSON Stylus Photo R230 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.exe" [09/03/2005 02:00 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 09:19 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 10:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/06/2008 09:49 AM]
"IDMan"="C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe" [21/12/2007 07:16 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33 AM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"Magnify"=Magnify.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d73cefbc-1721-11dd-9db3-001d7d71803e}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs




-- End of Deckard's System Scanner: finished at 2008-07-31 17:23:02 ------------


End of file - 10737 bytes

Last edited by 3066843 : 07-31-2008 at 01:23 AM.