hijack this log - please help



#1
ericaowens

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
C:\Program Files\Common Files\AOL\1129708031\ee\AOLSoftware.exe
C:\Program Files\MSN\horydy22011.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\stickies\stickies.exe
c:\program files\common files\aol\1129708031\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\Documents and Settings\A....Erica\My Documents\My Music\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0D6A1F17-7810-42E2-AA92-D927606F3FD3} - C:\Program Files\ComPlus Applications\lavu.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing)
O2 - BHO: (no name) - {3E60C74E-D613-4C5B-AA8D-F83815A5EB47} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\iusirbvg.dll
O2 - BHO: (no name) - {E0B2F708-44E9-141F-EE5D-3B761E615394} - C:\WINDOWS\system32\lfh.dll
O2 - BHO: (no name) - {e6f777a9-80e9-4063-bac7-f6e4ed2fe572} - C:\WINDOWS\system32\kvstlguv.dll (file missing)
O2 - BHO: (no name) - {eb321af4-c7fc-4e35-8ba9-7e00e076f5c1} - C:\WINDOWS\system32\DESCOM.dll (file missing)
O2 - BHO: (no name) - {FC7E2D11-611F-4819-A9FB-D12A8ABC39D3} - C:\WINDOWS\system32\awvtt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129708031\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [{9C-CB-B2-2E-ZN}] c:\windows\system32\lldsrngk.exe CHD003
O4 - HKLM\..\Run: [horydy] C:\Program Files\MSN\horydy22011.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\ijprasdi.dll",forkonce
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Sen] "C:\PROGRA~1\COMMON~1\FNTS~1\msdtc.exe" -vt ndrv
O4 - HKCU\..\Run: [Iiigdit] C:\WINDOWS\SYSTEM32\S?mantec\m?config.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://E:\games\WebDriverFullInstall.exe
O20 - Winlogon Notify: bdryamys - bdryamys.dll (file missing)
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
O20 - Winlogon Notify: ddcbxya - ddcbxya.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\profsy.html

--
End of file - 7738 bytes


#2
ericaowens

Scan saved at 07:36:49 AM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1129708031\ee\AOLSoftware.exe
C:\Program Files\MSN\horydy22011.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\stickies\stickies.exe
c:\program files\common files\aol\1129708031\ee\aolsoftware.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\A....Erica\My Documents\My Music\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing)
O2 - BHO: (no name) - {3E60C74E-D613-4C5B-AA8D-F83815A5EB47} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {82F07F43-3E34-496E-AAC2-C62114C88068} - C:\WINDOWS\system32\awvtt.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\xgxorcos.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {B6B2A35C-12BE-1A4C-B95D-3B76113401C6} - C:\WINDOWS\system32\qgog.dll
O2 - BHO: 0 - {BAC496AB-D3F8-4F1D-B48C-438F0348E922} - C:\Program Files\ComPlus Applications\lavu.dll
O2 - BHO: (no name) - {e6f777a9-80e9-4063-bac7-f6e4ed2fe572} - C:\WINDOWS\system32\kvstlguv.dll (file missing)
O2 - BHO: (no name) - {eb321af4-c7fc-4e35-8ba9-7e00e076f5c1} - C:\WINDOWS\system32\DESCOM.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129708031\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [{9C-CB-B2-2E-ZN}] c:\windows\system32\lldsrngk.exe CHD003
O4 - HKLM\..\Run: [horydy] C:\Program Files\MSN\horydy22011.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\bprmajvv.dll",sitypnow
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Sen] "C:\PROGRA~1\COMMON~1\FNTS~1\msdtc.exe" -vt ndrv
O4 - HKCU\..\Run: [Iiigdit] C:\WINDOWS\SYSTEM32\S?mantec\m?config.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O15 - Trusted Zone: *.amaena.com
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://E:\games\WebDriverFullInstall.exe
O20 - Winlogon Notify: bdryamys - bdryamys.dll (file missing)
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
O20 - Winlogon Notify: ddcbxya - ddcbxya.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\profsy.html

--
End of file - 8090 bytes

#3
ericaowens

ComboFix 07-10-11.1 - A....Erica 2007-10-10 18:50:08.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.147 [GMT -4:00]
Running from: C:\Documents and Settings\A....Erica\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN
-------\LEGACY_IPRIP
-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 )))))))))))))))))))))))))))))))
.

2007-10-10 07:13 <DIR> d-------- C:\Documents and Settings\A....Erica\Application Data\acccore
2007-10-10 07:09 <DIR> d-------- C:\Program Files\AIM6
2007-09-27 17:07 4,096 -rahs---- C:\WINDOWS\SYSTEM32\runouce.exe
2007-09-27 17:05 64,052 --a------ C:\WINDOWS\SYSTEM32\p2pex.zip.exe
2007-09-27 15:43 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\U3
2007-09-27 15:43 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2007-09-27 15:43 21,504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 23:19 --------- d-----w C:\Program Files\Plaxo
2007-10-10 14:14 --------- d-----w C:\Program Files\WellCraftedSimplyStickies
2007-10-10 11:27 --------- d-----w C:\Program Files\Modem Helper
2007-10-10 11:27 --------- d-----w C:\Program Files\Microsoft Works
2007-10-10 11:27 --------- d-----w C:\Program Files\Microsoft Streets and Trips
2007-10-10 11:26 --------- d-----w C:\Program Files\FileZilla
2007-10-10 11:11 --------- d-----w C:\Program Files\Viewpoint
2007-10-09 04:56 364 ----a-w C:\Documents and Settings\Guest\Application Data\wklnhst.dat
2007-10-08 09:49 23,804 ----a-w C:\Documents and Settings\A....Erica\Application Data\wklnhst.dat
2007-09-27 21:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2007-09-27 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-09-24 18:07 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2007-09-16 00:27 --------- d-----w C:\Program Files\Lx_cats
2007-09-01 16:58 --------- d-----w C:\Documents and Settings\Guest\Application Data\CyberLink
2007-09-01 01:27 --------- d-----w C:\Documents and Settings\Guest\Application Data\acccore
2007-09-01 00:30 --------- d-----w C:\Documents and Settings\Guest\Application Data\MySpace
2007-08-26 11:29 81,288 ----a-w C:\Documents and Settings\A....Erica\Application Data\GDIPFONTCACHEV1.DAT
2007-08-23 07:22 --------- d-----w C:\Program Files\Common Files\AOL
2007-08-23 07:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-08-23 07:18 --------- d-----w C:\Program Files\AOL 9.0
2007-08-23 07:18 --------- d-----w C:\Documents and Settings\A....Erica\Application Data\AOL
2007-08-22 09:24 --------- d-----w C:\Documents and Settings\Guest\Application Data\Aim
2007-08-22 02:25 --------- d-----w C:\Documents and Settings\Guest\Application Data\FaxCtr
2007-08-21 23:06 --------- d-----w C:\Documents and Settings\Guest\Application Data\Viewpoint
2007-08-17 07:30 --------- d-----w C:\Documents and Settings\A....Erica\Application Data\Move Networks
2007-08-16 01:30 --------- d-----w C:\Program Files\Flock
2007-08-16 01:27 --------- d-----w C:\Documents and Settings\A....Erica\Application Data\Flock
2007-08-15 20:32 --------- d-----w C:\Program Files\AIM
2007-08-15 20:32 --------- d-----w C:\Documents and Settings\A....Erica\Application Data\Aim
2007-08-15 20:31 --------- d-----w C:\Program Files\AOD
2007-08-11 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-09-03 15:57:29 56 --sh--r C:\WINDOWS\SYSTEM32\68F38ACA7E.sys
2006-04-05 02:18:13 671,834 --sha-w C:\WINDOWS\SYSTEM32\hjjlm.bak1
2006-04-06 02:19:09 677,775 --sha-w C:\WINDOWS\SYSTEM32\hjjlm.bak2
2006-04-06 08:32:07 677,396 --sha-w C:\WINDOWS\SYSTEM32\hjjlm.ini2
2006-09-03 15:57:30 3,350 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E60C74E-D613-4C5B-AA8D-F83815A5EB47}]
C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e6f777a9-80e9-4063-bac7-f6e4ed2fe572}]
C:\WINDOWS\system32\kvstlguv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eb321af4-c7fc-4e35-8ba9-7e00e076f5c1}]
C:\WINDOWS\system32\DESCOM.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 09:46]
"Runonce"="C:\WINDOWS\system32\runouce.exe" [2007-10-10 10:14]
"MSKAGENTEXE"="C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe" [2005-09-26 10:26]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-26 19:43]
"HostManager"="C:\Program Files\Common Files\AOL\1129708031\ee\AOLSoftware.exe" [2006-09-25 20:52]
"{9C-CB-B2-2E-ZN}"="c:\windows\system32\lldsrngk.exe" []
"horydy"="C:\Program Files\MSN\horydy22011.exe" [2007-08-07 16:30]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"MSKAGENTEXE"="c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe" [2005-09-26 10:26]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe" [2006-11-16 13:42]
"Sen"="C:\PROGRA~1\COMMON~1\FNTS~1\msdtc.exe" []
"Iiigdit"="C:\WINDOWS\SYSTEM32\S?mantec\m?config.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 16:22]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]

C:\Documents and Settings\A....Erica\Start Menu\Programs\Startup\
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2006-03-29 21:03:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bdryamys]
bdryamys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayx]
C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbxya]
ddcbxya.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=C:\WINDOWS\pss\Personal Coach.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
"C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 4300 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1129708031\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcemon.exe]
"C:\Program Files\Lexmark 4300 Series\lxcemon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"SPTISRV"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"NetSvc"=3 (0x3)
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"lxce_device"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"dlbt_device"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)

R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contents of the 'Scheduled Tasks' folder
"2007-09-24 18:21:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-11 19:18:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Runonce = C:\WINDOWS\system32\runouce.exe?^??????????????q???????????????????q????????????<???]???'??|??D~??F~??D~p???0u?????????|????????????????p???H??????????|,??|!???x??????????|D???????????????????????????????????????????????????????????????????t???x???p???ZfE

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-11 19:22:01 - machine was rebooted
.
--- E O F ---