–
End of file - 11337 bytes
-- Files created between 2008-01-23 and 2008-02-23 -----------------------------
2008-02-20 18:59:43 0 d-------- C:\Windows\pss
2008-02-18 17:00:21 0 d-------- C:\BackUpMSNCleaner
2008-02-18 14:20:56 0 d-------- C:\Program Files\Trend Micro
2008-02-09 11:16:10 0 d-------- C:\Program Files\iPod
2008-02-09 11:15:46 0 d-------- C:\Program Files\iTunes
2008-02-09 11:13:54 0 d-------- C:\Program Files\Bonjour
2008-02-09 11:12:46 0 d-------- C:\Program Files\QuickTime
2008-01-30 00:29:42 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-01-30 00:28:44 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-30 00:27:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 00:07:42 0 d-------- C:\Users\All Users\Adobe
2008-01-30 00:07:19 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-29 13:29:36 0 d-------- C:\Program Files\Common Files\Real
2008-01-24 20:30:37 0 d-------- C:\Users\All Users\Grisoft
-- Find3M Report ---------------------------------------------------------------
2008-02-21 00:10:29 0 d-------- C:\Users\Annrick\AppData\Roaming\Corel
2008-02-19 23:10:54 38860 --a------ C:\Users\Annrick\AppData\Roaming\wklnhst.dat
2008-01-30 00:36:42 0 d-------- C:\Users\Annrick\AppData\Roaming\Adobe
2008-01-30 00:28:44 0 d-------- C:\Users\Annrick\AppData\Roaming\SUPERAntiSpyware.com
2008-01-30 00:27:41 0 d-------- C:\Program Files\Common Files
2008-01-29 20:22:19 0 d-------- C:\Users\Annrick\AppData\Roaming\Real
2008-01-24 20:30:46 0 d-------- C:\Users\Annrick\AppData\Roaming\Grisoft
2008-01-15 18:19:21 0 d-------- C:\Program Files\Windows Mail
2008-01-09 08:08:04 0 d-------- C:\Program Files\Windows Sidebar
-- Registry Dump ---------------------------------------------------------------
Note: empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“@”=“”
“MSConfig”=“C:\Windows\system32\msconfig.exe” [02/11/2006 04:45 AM]
“WPCUMI”=“C:\Windows\system32\WpcUmi.exe” [02/11/2006 07:35 AM]
“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [16/06/2007 05:06 PM]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [25/09/2007 12:11 AM]
“SigmatelSysTrayApp”=“sttray.exe” [08/02/2007 12:16 AM C:\Windows\sttray.exe]
“RoxWatchTray”=“C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe” [05/11/2006 11:22 AM]
“QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [31/01/2008 11:13 PM]
“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [04/02/2008 02:18 PM]
“ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [03/10/2006 11:37 AM]
“ISUSPM Startup”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [03/10/2006 11:35 AM]
“IAAnotif”=“C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe” [29/09/2006 12:39 PM]
“HostManager”=“C:\Program Files\Common Files\AOL\1181290962\ee\AOLSoftware.exe” [25/09/2006 07:52 PM]
“Google Desktop Search”=“C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” [08/06/2007 03:28 AM]
“ECenter”=“c:\dell\E-Center\EULALauncher.exe” [16/03/2007 05:20 AM]
“dscactivate”=“C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe” [09/10/2007 05:57 PM]
“Corel Photo Downloader”=“C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe”
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [04/12/2007 08:00 AM]
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [11/01/2008 10:16 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“@”=“”
“WindowsWelcomeCenter”=“oobefldr.dll,ShowWelcomeCenter”
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
“SUPERAntiSpyware”=“C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [21/06/2007 02:06 PM]
“StartCCC”=“C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [10/11/2006 12:35 PM]
“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe” [09/01/2008 08:01 AM]
“MsnMsgr”=“C:\Program Files\MSN Messenger\msnmsgr.exe” [19/01/2007 11:54 AM]
“ehTray.exe”=“C:\Windows\ehome\ehTray.exe” [02/11/2006 07:35 AM]
“DellSupportCenter”=“C:\Program Files\Dell Support Center\bin\sprtcmd.exe” [09/10/2007 05:56 PM]
“DellSupport”=“C:\Program Files\DellSupport\DSAgnt.exe” [12/11/2006 02:19 AM]
“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [02/11/2006 07:36 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
“DelayShred”=“c:\program files\mcafee\mshr\ShrCL.EXE” /P7 /q C:\Users\Annrick\AppData\Local\Temp\HSPERF~1.SH!
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
“msnmsgr”=“C:\Program Files\MSN Messenger\msnmsgr.exe” /background
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 1:01:04 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“LogonHoursAction”=2 (0x2)
“DontDisplayLogonHoursWarnings”=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 01:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“appinit_dlls”=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@=“Service”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@=“Service”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@=“Service”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=“Service”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@=“Service”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@=“Service”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@=“Service”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@=“Service”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@=“Service”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@=“Service”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@=“Driver”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@=“Driver”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=“Volume shadow copy”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@=“IEEE 1394 Bus host controllers”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@=“SBP2 IEEE 1394 Devices”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@=“SecurityDevices”
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard’s System Scanner: finished at 2008-02-23 00:13:58 ------------