HERE YOU GO.
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1014.48 MiB / 658.57 MiB
Pagefile Memory (total/avail): 1674.64 MiB / 1422.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.15 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 0.81 GiB free.
D: is CDROM (No Media)
E: is Network (NTFS)
F: is Network (NTFS)
L: is Network (NTFS)
N: is Network (NTFS)
\\.\PHYSICALDRIVE0 - HDS728040PLA320 40Y9027LEN - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\qua-optim\Application Data
CLASSPATH=C:\PVSW\BIN\PVJDBC2X.JAR;C:\PVSW\BIN\PVJDBC2.JAR
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=Q
ComSpec=C:\WINDOWS\system32\cmd.exe
CUR=11
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\q
LOGONSERVER=\\A8
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PVSW\BIN;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\Downloaded Program Files;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PMCBED="T1S|"
PMCCFG=n:\PMCSYS\
PMCDEV=1
PMCMENU=SETME
PMCWS=1
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\QUA-OP~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\QUA-OP~1\LOCALS~1\Temp
USERDNSDOMAIN=A
USERDOMAIN=A
USERNAME=q
USERPROFILE=C:\Documents and Settings\q
VSL=C:\PVSW\BIN
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
deleted by me.
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
HijackThis 1.99.1 --> G:\ronny\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2004 --> MsiExec.exe /X{CCCAFDDE-ECEC-4AE4-BD97-047076BBD4A9}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Pervasive.SQL 2000i Workstation v7.94 --> C:\WINDOWS\IsUninst.exe -fC:\PVSW\DeIsL1.isu -c"C:\PVSW\W32PTKUN.DLL" -mpsql.mif
PMCSyncMate --> MsiExec.exe /I{24EEF338-24BC-4993-AED7-0172CD0E9638}
PrintKey2000 --> C:\PROGRA~1\PRINTK~1\UNWISE.EXE C:\PROGRA~1\PRINTK~1\INSTALL.LOG
RMRptBRp --> C:\WINDOWS\st6unst.exe -n "C:\PMCSoft\ST6UNST.LOG"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
VNC 4.0 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type12356 / Warning
Event Submitted/Written: 06/03/2008 08:17:25 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, PolicyAgentInstanceProvider, has been registered in the WMI namespace, ROOT\ccm\policy\S_1_5_21_3159313733_352247347_3953735146_1003, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Event Record #/Type12355 / Warning
Event Submitted/Written: 06/03/2008 08:17:25 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, PolicyAgentInstanceProvider, has been registered in the WMI namespace, ROOT\ccm\policy\S_1_5_21_3159313733_352247347_3953735146_1003, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Event Record #/Type12354 / Error
Event Submitted/Written: 06/03/2008 08:10:08 AM
Event ID/Source: 3024 / Windows Search Service
Event Description:
The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
Context: Windows Application, SystemIndex Catalog
Event Record #/Type12353 / Warning
Event Submitted/Written: 06/03/2008 08:10:08 AM
Event ID/Source: 3036 / Windows Search Service
Event Description:
The content source <outlookexpress://{s-1-5-21-701462823-513570533-11539462-18901}/{8f677785-6969-4388-9fae-58be77cf7347}/> cannot be accessed.
Context: Windows Application, SystemIndex Catalog
Details:
(0x81270005)
Event Record #/Type12345 / Warning
Event Submitted/Written: 06/02/2008 02:27:32 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, PolicyAgentInstanceProvider, has been registered in the WMI namespace, ROOT\ccm\policy\S_1_5_21_701462823_513570533_11539462_18901, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type9203 / Warning
Event Submitted/Written: 06/02/2008 03:41:12 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Kyocera Mita KM-3035 KX for Windows NT x86 Version-3 was added or updated. Files:- KMUC31EO.DLL, KMUU31EO.DLL, KMK00610.MDX, KMFS31EO.DLL, KMRG31EO.DLL, KMRC31EO.DLL, KM3D31EO.DLL, KMPE31EO.DLL, KCMV3D.INI, KMWM31EO.DLL, KMPF31EO.DLL, KMWTEN20.HLP, KMXL31EO.DLL, KM5E31EO.DLL, KM5C31EO.DLL, KMPS31EO.DLL, KMAGFA1.FDF, KMPRE2.FDF, KM321710.DAT, KMKHEN20.CHM.
Event Record #/Type9202 / Warning
Event Submitted/Written: 06/02/2008 03:41:09 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP LaserJet 8000 Series PCL for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, HPLJ8000.GPD, UNIDRV.HLP, hpmopyui.ini, hpoemui.dll, HPCFONT.DLL, ttfsub.gpd, STDNAMES.GPD, hpcljx.hlp, pcl5eres.dll, UNIRES.DLL.
Event Record #/Type9099 / Warning
Event Submitted/Written: 06/02/2008 11:17:11 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP LaserJet 1200 Series PCL for Windows NT x86 Version-3 was added or updated. Files:- %4.
Event Record #/Type9098 / Warning
Event Submitted/Written: 06/02/2008 11:17:11 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP LaserJet 8000 Series PCL for Windows NT x86 Version-3 was added or updated. Files:- %4.
Event Record #/Type9097 / Warning
Event Submitted/Written: 06/02/2008 11:17:11 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- %4.
-- End of Deckard's System Scanner: finished at 2008-06-03 08:28:03 ------------
Deckard's System Scanner v20071014.68
Run by qua-optim on 2008-06-03 08:21:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-06-03 12:21:46 UTC - RP805 - Deckard's System Scanner Restore Point
1: 2008-06-02 19:24:24 UTC - RP804 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 0.81 GiB (less than 15%) free.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-03 08:25:49
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PVSW\Bin\W3DBSMGR.EXE
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\qua-optim\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://03/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: net use printer.lnk = C:\printer.bat
O4 - Global Startup: Pervasive.SQL Workstation Engine.lnk = C:\PVSW\Bin\W3DBSMGR.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\Software\..\Telephony: DomainName = a
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = a
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = a
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = a
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe
--
End of file - 3464 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 WinVNC4 (VNC Server Version 4) - "c:\program files\realvnc\vnc4\winvnc4.exe" -service <Not Verified; RealVNC Ltd.; VNC Server 4.0>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-05-03 and 2008-06-03 -----------------------------
2008-06-03 08:17:35 0 d-------- C:\Documents and Settings\afgadmin\Application Data\Windows Desktop Search
2008-06-03 08:08:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-02 14:28:08 0 d-------- C:\Documents and Settings\r\Application Data\Windows Desktop Search
2008-06-02 14:27:47 0 d-------- C:\Documents and Settings\r\Application Data\Identities
2008-06-02 14:27:19 0 d--h----- C:\Documents and Settings\r\Templates
2008-06-02 14:27:19 0 dr------- C:\Documents and Settings\r\Start Menu
2008-06-02 14:27:19 0 dr-h----- C:\Documents and Settings\r\SendTo
2008-06-02 14:27:19 0 dr-h----- C:\Documents and Settings\r\Recent
2008-06-02 14:27:19 0 d--h----- C:\Documents and Settings\r\PrintHood
2008-06-02 14:27:19 786432 --ah----- C:\Documents and Settings\r\NTUSER.DAT
2008-06-02 14:27:19 0 d--h----- C:\Documents and Settings\r\NetHood
2008-06-02 14:27:19 0 dr------- C:\Documents and Settings\r\My Documents
2008-06-02 14:27:19 0 d--h----- C:\Documents and Settings\r\Local Settings
2008-06-02 14:27:19 0 dr------- C:\Documents and Settings\r\Favorites
2008-06-02 14:27:19 0 d-------- C:\Documents and Settings\rDesktop
2008-06-02 14:27:19 0 d---s---- C:\Documents and Settings\r\Cookies
2008-06-02 14:27:19 0 dr-h----- C:\Documents and Settings\r\Application Data
2008-06-02 14:27:19 0 d---s---- C:\Documents and Settings\r\Application Data\Microsoft
2008-06-02 14:21:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-02 14:18:22 0 dr-h----- C:\Documents and Settings\q\Recent
2008-06-02 14:17:24 0 d-------- C:\Program Files\Yahoo!
2008-06-02 14:17:17 0 d-------- C:\Program Files\CCleaner
2008-06-02 14:00:46 0 d-------- C:\VundoFix Backups
2008-06-02 13:59:55 414 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-02 13:59:19 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-02 13:59:19 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-02 13:59:19 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-02 13:59:19 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; Beyond Logic; Command Line Process Utility>
2008-06-02 13:59:19 77824 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-02 13:59:19 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-02 13:59:17 0 d-------- C:\Documents and Settings\qua-optim\SmitfraudFix
2008-06-02 11:15:58 0 d-------- C:\WINDOWS\Prefetch
2008-06-02 11:10:02 0 d-------- C:\WINDOWS\system32\scripting
2008-06-02 11:10:02 0 d-------- C:\WINDOWS\system32\en
2008-06-02 11:10:02 0 d-------- C:\WINDOWS\system32\bits
2008-06-02 11:10:02 0 d-------- C:\WINDOWS\l2schemas
2008-06-02 11:07:34 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-02 11:04:56 0 d-------- C:\WINDOWS\network diagnostic
2008-06-02 11:02:56 0 d-------- C:\WINDOWS\system32\ReinstallBackups
-- Find3M Report ---------------------------------------------------------------
2008-06-02 11:10:17 0 d-------- C:\Program Files\Messenger
2008-06-02 11:10:02 0 d-------- C:\Program Files\Movie Maker
2008-06-02 11:07:13 0 d-------- C:\Program Files\Windows NT
2008-06-02 10:33:13 0 d-------- C:\Program Files\Common Files
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/08/2004 11:31 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/08/2004 11:27 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
C:\Documents and Settings\qua-optim\Start Menu\Programs\Startup\
net use printer.lnk - C:\printer.bat [3/23/2006 3:57:42 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Pervasive.SQL Workstation Engine.lnk - C:\PVSW\Bin\W3DBSMGR.EXE [4/12/2006 2:40:16 PM]
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [6/10/2005 8:38:51 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"=60 (0x3c)
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AEB9D4A0-199B-4dfa-A18D-E2DD5D989EDF}]
rundll32.exe advpack.dll,LaunchINFSectionEx %SystemDrive%\DOCUME~1\AFGADM~1.AFG\LOCALS~1\Temp\winmesrm.inf,RemoveReg
-- End of Deckard's System Scanner: finished at 2008-06-03 08:28:03 ------------