Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

INFECTED


  • Please log in to reply

#1
kbabyphat2

kbabyphat2

    New Member

  • Member
  • Pip
  • 7 posts
I HAVE WINDOWS XP AND NO START MENU ERROR MESSAGES LIKE CANNOT FIND WINDOWS SYSTEM32 WINUPDATE.EXE TRIED TO SYSTEM RECOVERY TO START FROM SCRATCH BUT CANT EVEN DO THAT HELLLLPP!!!!!!!!!

Deckard's System Scanner v20071014.68
Run by I lOvE nIkKi on 2008-03-01 12:48:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as I lOvE nIkKi.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:00 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\PROGRA~1\McAfee\MSC\McOEMMGr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Documents and Settings\I lOvE nIkKi\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\I lOvE nIkKi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O2 - BHO: (no name) - {0380F6F6-4734-4885-9CD8-CB82E7144652} - C:\WINDOWS\system32\mljjh.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - (no file)
O2 - BHO: (no name) - {30F7927D-E3E6-48F0-887D-9EAC0E782A34} - C:\WINDOWS\system32\pmkji.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: 0 - {87C95BC9-7AEA-4868-4D9C-79830CDB04A0} - C:\Program Files\ComPlus Applications\lavuhaw640.dll (file missing)
O2 - BHO: (no name) - {BC831C34-2B7C-4C8A-833A-6E7236C62DCC} - C:\Program Files\Common Files\hoken555077.dll (file missing)
O2 - BHO: (no name) - {bfaa9f81-923d-4d6f-9d86-6a7f7795c979} - C:\WINDOWS\system32\lsphkll.dll (file missing)
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\qomnlif.dll (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Common Files\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://[email protected] ad=http://[email protected] sd=http://[email protected]
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MWLExe] C:\PROGRA~1\Mcafee\MWL\MWLGuiSt.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [b4fe43bd] rundll32.exe "C:\WINDOWS\system32\wpnvdoaj.dll",b
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\Run: [BMb7cd7021] Rundll32.exe "C:\WINDOWS\system32\vxnbnnrn.dll",s
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKUS\S-1-5-21-3908285732-430737011-3835062590-1011\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3908285732-430737011-3835062590-1011\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - HKUS\S-1-5-21-3908285732-430737011-3835062590-1011\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-3908285732-430737011-3835062590-1011\..\Run: [IESet] IExplorer.dll .dbt (User '?')
O4 - HKUS\S-1-5-21-3908285732-430737011-3835062590-1011\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe (User '?')
O4 - .DEFAULT Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe (User 'Default user')
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: kcghuzos - kcghuzos.dll (file missing)
O20 - Winlogon Notify: qomnlif - qomnlif.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10463 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080329-111705-225 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://superiorads.biz/bc/123kah.php
backup-20080329-111705-508 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
backup-20080329-111705-620 O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
backup-20080329-111705-778 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - rtgertyjrg.exe %1
.reg - regfile - shell\edit\command - rtgertyjrg.exe %1
.txt - txtfile - shell\open\command - notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 AgereSoftModem (Agere Systems Soft Modem) - c:\windows\system32\drivers\agrsm.sys <Not Verified; Agere Systems; Agere SoftModem Driver>
3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys <Not Verified; Sensaura Ltd; >
3 DIGIRPS (Digi PortServer Driver) - c:\windows\system32\drivers\digirlpt.sys <Not Verified; Digi International, Inc.; Digi RealPort® Driver>
0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver>
3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>
2 irda (IrDA Protocol) - c:\windows\system32\drivers\irda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 irsir (Microsoft Serial Infrared Driver) - c:\windows\system32\drivers\irsir.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
1 mupp - system32\drivers\mupp.sys (file missing)
2 NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - c:\windows\system32\drivers\nwlnkipx.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2 NwlnkNb (NWLink NetBIOS) - c:\windows\system32\drivers\nwlnknb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2 NwlnkSpx (NWLink SPX/SPXII Protocol) - c:\windows\system32\drivers\nwlnkspx.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
3 Ps2 - c:\windows\system32\drivers\ps2.sys <Not Verified; Hewlett-Packard Company; Hewlett-Packard Company PS2 SYS>
3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 SiS315 - c:\windows\system32\drivers\sisgrp.sys <Not Verified; Silicon Integrated Systems Corporation; SiS ® Compatible Super VGA Miniport Driver for Windows XP>
1 SiSkp - c:\windows\system32\drivers\srvkp.sys <Not Verified; Silicon Integrated Systems Corporation; SiS ® WindowsXP Display Manager>
3 usb_rndisx (USB RNDIS Adapter) - c:\windows\system32\drivers\usb8023x.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 viagfx - c:\windows\system32\drivers\vtmini.sys <Not Verified; Copyright © VIA/S3 Graphics Co, Ltd.; UniChrome(Pro) IGP Driver>
3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>
3 wceusbsh (Windows CE USB Serial Host Driver) - c:\windows\system32\drivers\wceusbsh.sys <Not Verified; Microsoft Corporation; Windows CE USB Serial Host Driver>
3 WscNetDr (MWL Filter Miniport) - c:\windows\system32\drivers\wscnetdr.sys <Not Verified; McAfee, Inc.; McAfee Wireless Home Network Security>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 aawservice (Ad-Aware 2007 Service) - c:\program files\lavasoft\ad-aware 2007\aawservice.exe
2 Irmon (Infrared Monitor) - c:\windows\system32\svchost.exe
2 MSK80Service (McAfee Anti-Spam Service) - c:\program files\mcafee\msk\msksrver.exe
2 NwSapAgent (SAP Agent) - c:\windows\system32\svchost.exe
2 sprtsvc_ddoctorv2 (SupportSoft Sprocket Service (ddoctorv2)) - c:\program files\comcast\desktop doctor\bin\sprtsvc.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-03-31 14:02:00 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-03-01 19:04:59 354 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-03-01 19:04:58 346 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-02-01 and 2008-03-01 -----------------------------

2008-03-31 15:21:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-31 15:21:02 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\Azureus
2008-03-31 15:13:30 0 d-------- C:\Program Files\Azureus
2008-03-30 11:42:58 0 dr-h----- C:\$VAULT$.AVG
2008-03-30 11:39:44 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\AVG7
2008-03-30 11:38:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-30 11:35:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 11:35:49 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-29 12:00:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-29 11:59:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-03-29 10:50:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-29 10:50:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-29 10:50:35 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-29 10:50:35 0 dr------- C:\Documents and Settings\Administrator\My Documents <MYDOCU~1>
2008-03-29 10:50:35 0 d--h----- C:\Documents and Settings\Administrator\Local Settings <LOCALS~1>
2008-03-29 10:50:35 0 dr------- C:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2008-03-29 10:50:35 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-29 10:50:35 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-03-29 10:50:35 0 dr-h----- C:\Documents and Settings\Administrator\Application Data <APPLIC~1>
2008-03-29 10:50:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-03-29 10:50:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-03-29 10:50:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-03-29 10:50:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-03-29 10:50:35 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-29 10:50:34 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-03-29 10:50:34 0 d--h----- C:\Documents and Settings\Administrator\Templates <TEMPLA~1>
2008-03-29 10:50:34 0 dr------- C:\Documents and Settings\Administrator\Start Menu <STARTM~1>
2008-03-29 10:50:34 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-29 10:50:34 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-03-29 10:50:34 0 d--h----- C:\Documents and Settings\Administrator\PrintHood <PRINTH~1>
2008-03-29 10:50:33 2097152 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-29 10:23:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 10:18:47 38400 --a------ C:\WINDOWS\system32\opnlmkj.dll
2008-03-29 10:13:06 0 d-------- C:\Program Files\Trend Micro
2008-03-28 10:52:08 87616 --a------ C:\WINDOWS\system32\vxnbnnrn.dll
2008-03-25 11:48:35 0 d-------- C:\WINDOWS\system32\aqVreo01
2008-03-25 11:48:31 38400 --a------ C:\WINDOWS\system32\pmnkiji.dll
2008-03-24 23:04:00 0 d-------- C:\Documents and Settings\Rob\Program Files
2008-03-24 23:03:56 0 d-------- C:\Documents and Settings\Rob\Application Data\BitTorrent
2008-03-24 22:49:00 91200 --a------ C:\WINDOWS\system32\nbyaugma.dll
2008-03-24 21:56:24 91200 --a------ C:\WINDOWS\system32\scaxxhxl.dll
2008-03-24 20:47:10 91200 --a------ C:\WINDOWS\system32\txjyopcq.dll
2008-03-24 20:32:46 91200 --a------ C:\WINDOWS\system32\mrbocicm.dll
2008-03-21 17:25:57 91712 --a------ C:\WINDOWS\system32\akebvwmw.dll
2008-03-18 18:51:05 0 d-------- C:\Documents and Settings\Rob\Application Data\vlc
2008-03-15 18:55:47 98368 --a------ C:\WINDOWS\system32\fwkffyfc.dll
2008-03-15 18:17:31 0 d-------- C:\Program Files\LimeWire
2008-03-15 17:48:26 0 dr------- C:\Shared
2008-03-14 18:33:36 275769 --ahs---- C:\WINDOWS\system32\ijkmp.ini2
2008-03-09 23:01:52 0 d-------- C:\Documents and Settings\[email protected]\Application Data\vlc
2008-03-09 22:44:28 0 d-------- C:\Program Files\VideoLAN
2008-03-06 23:19:59 0 d-------- C:\Documents and Settings\[email protected]\Application Data\BitTorrent
2008-03-06 23:19:30 0 d-------- C:\Program Files\DNA
2008-03-06 23:19:30 0 d-------- C:\Documents and Settings\[email protected]\Application Data\DNA
2008-03-06 18:31:33 0 d-------- C:\Documents and Settings\[email protected]\Application Data\Adobe
2008-03-05 19:13:20 0 d---s---- C:\Documents and Settings\Rob\UserData
2008-03-05 18:49:57 0 d-------- C:\Documents and Settings\Rob\Application Data\acccore
2008-03-05 18:32:59 0 d-------- C:\Documents and Settings\Rob\Application Data\Adobe
2008-03-05 18:31:15 0 d-------- C:\Documents and Settings\Rob\Application Data\Macromedia
2008-03-05 18:26:54 0 d-------- C:\Documents and Settings\Rob\Application Data\Google
2008-03-05 18:26:51 0 d-------- C:\Documents and Settings\Rob\Application Data\COMCASTTOOLBAR
2008-03-05 18:26:26 0 d-------- C:\Documents and Settings\Rob\Application Data\Talkback
2008-03-05 18:26:01 0 d-------- C:\Documents and Settings\Rob\Application Data\Mozilla
2008-03-05 18:22:26 0 dr------- C:\Documents and Settings\Rob\Favorites <FAVORI~1>
2008-03-05 18:22:26 0 d-------- C:\Documents and Settings\Rob\Desktop
2008-03-05 18:22:26 0 d---s---- C:\Documents and Settings\Rob\Cookies
2008-03-05 18:22:26 0 dr-h----- C:\Documents and Settings\Rob\Application Data <APPLIC~1>
2008-03-05 18:22:26 0 d-------- C:\Documents and Settings\Rob\Application Data\Symantec
2008-03-05 18:22:26 0 d-------- C:\Documents and Settings\Rob\Application Data\Sun
2008-03-05 18:22:26 0 d-------- C:\Documents and Settings\Rob\Application Data\SampleView
2008-03-05 18:22:26 0 d-------- C:\Documents and Settings\Rob\Application Data\Real
2008-03-05 18:22:26 0 d---s---- C:\Documents and Settings\Rob\Application Data\Microsoft
2008-03-05 18:22:26 0 d-------- C:\Documents and Settings\Rob\Application Data\Identities
2008-03-05 18:22:26 0 d-------- C:\Documents and Settings\Rob\Application Data\Apple Computer
2008-03-05 18:22:25 0 d-------- C:\Documents and Settings\Rob\WINDOWS
2008-03-05 18:22:25 0 d--h----- C:\Documents and Settings\Rob\Templates <TEMPLA~1>
2008-03-05 18:22:25 0 dr------- C:\Documents and Settings\Rob\Start Menu <STARTM~1>
2008-03-05 18:22:25 0 dr-h----- C:\Documents and Settings\Rob\SendTo
2008-03-05 18:22:25 0 dr-h----- C:\Documents and Settings\Rob\Recent
2008-03-05 18:22:25 0 d--h----- C:\Documents and Settings\Rob\PrintHood <PRINTH~1>
2008-03-05 18:22:25 0 d--h----- C:\Documents and Settings\Rob\NetHood
2008-03-05 18:22:25 0 dr------- C:\Documents and Settings\Rob\My Documents <MYDOCU~1>
2008-03-05 18:22:25 0 d--h----- C:\Documents and Settings\Rob\Local Settings <LOCALS~1>
2008-03-05 18:22:24 2170880 --a------ C:\Documents and Settings\Rob\NTUSER.DAT
2008-03-04 20:23:05 1167 --a------ C:\WINDOWS\mozver.dat
2008-03-04 16:12:14 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\AdobeUM
2008-03-04 16:11:25 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\Adobe
2008-03-04 15:59:50 159744 --a------ C:\WINDOWS\system32\igfxres.dll <Not Verified; Intel Corporation; Intel® Common User Interface>
2008-03-02 19:03:55 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\Talkback
2008-03-02 18:29:09 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\Mozilla
2008-03-02 16:05:45 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 15:53:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-01 22:11:08 0 d-------- C:\Documents and Settings\[email protected]\Application Data\acccore
2008-03-01 19:51:52 23040 --a------ C:\p9kels.exe
2008-03-01 19:44:03 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\acccore
2008-03-01 19:42:14 0 d-------- C:\Program Files\AIM6
2008-03-01 19:37:19 23040 --a------ C:\0q19rp.exe
2008-03-01 19:21:51 86848 --a------ C:\WINDOWS\system32\drivers\WscNetDr.sys <Not Verified; McAfee, Inc.; McAfee Wireless Home Network Security>
2008-03-01 19:19:06 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-03-01 19:02:46 0 d-------- C:\Program Files\McAfee.com
2008-03-01 19:01:27 0 d-------- C:\Program Files\Common Files\McAfee
2008-03-01 19:00:46 0 d-------- C:\Program Files\McAfee
2008-03-01 19:00:28 0 d-------- C:\Program Files\Lavasoft
2008-03-01 19:00:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-01 18:56:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 18:47:51 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-01 18:41:45 0 d--hs---- C:\Documents and Settings\I lOvE nIkKi\UserData
2008-03-01 17:54:25 0 d-------- C:\Documents and Settings\[email protected]\Application Data\MSNInstaller
2008-03-01 13:26:01 0 d---s---- C:\Documents and Settings\[email protected]\UserData
2008-03-01 11:21:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-01 10:49:37 0 d-------- C:\Program Files\Fisher-Price
2008-03-01 10:39:16 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-01 10:38:41 24960 --a------ C:\WINDOWS\system32\drivers\hidparse.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-01 10:38:33 20992 --a------ C:\WINDOWS\system32\hid.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-01 10:38:21 36224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-01 10:37:32 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-01 10:37:00 36352 --a------ C:\WINDOWS\system32\drivers\disk.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-01 10:37:00 0 d-------- C:\WINDOWS\LastGood
2008-02-29 23:14:07 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\Macromedia
2008-02-29 23:10:49 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\COMCASTTOOLBAR
2008-02-29 23:09:52 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\AVSystemCare
2008-02-29 22:37:55 0 d-------- C:\Documents and Settings\[email protected]\Application Data\Viewpoint
2008-02-29 21:53:57 0 d-------- C:\Documents and Settings\[email protected]\Application Data\Sammsoft
2008-02-29 21:12:15 0 d-------- C:\Documents and Settings\[email protected]\Application Data\AVSystemCare
2008-02-29 21:11:49 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-29 21:11:43 0 d-------- C:\WINDOWS\system32\NtmsData
2008-02-29 20:40:27 280554 --ahs---- C:\WINDOWS\system32\hjjlm.ini2
2008-02-29 20:34:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-02-29 20:31:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-29 20:30:11 0 d-------- C:\Program Files\Outerinfo
2008-02-29 20:30:10 0 d-------- C:\Program Files\s?curity
2008-02-29 20:29:48 0 d-------- C:\Documents and Settings\NetworkService\Application Data\NetMon
2008-02-29 20:29:44 0 d--hs---- C:\WINDOWS\IA
2008-02-29 20:29:35 0 d-------- C:\WINDOWS\system32\x3
2008-02-29 20:29:35 0 d-------- C:\WINDOWS\system32\s7
2008-02-29 20:29:35 0 d-------- C:\WINDOWS\system32\k8
2008-02-29 20:29:35 0 d-------- C:\WINDOWS\system32\c4
2008-02-29 20:29:35 0 d-------- C:\WINDOWS\system32\c2
2008-02-29 20:29:34 0 d-------- C:\Program Files\Common Files\a?sembly
2008-02-29 20:29:31 0 d-------- C:\WINDOWS\system32\iDlo01
2008-02-29 20:08:40 0 d-------- C:\Program Files\AIMTunes
2008-02-29 20:07:42 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-29 19:47:50 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-02-29 19:47:24 0 d-------- C:\Documents and Settings\[email protected]\Application Data\AVG7
2008-02-29 19:42:19 0 d-------- C:\Program Files\ComcastToolbar
2008-02-29 19:42:19 0 d-------- C:\Documents and Settings\[email protected]\Application Data\ComcastToolbar
2008-02-29 19:41:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-29 19:41:16 0 d-------- C:\Program Files\Comcast
2008-02-10 04:53:28 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\PlayFirst
2008-02-02 04:41:46 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\Template
2008-02-02 04:26:57 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\Google
2008-02-02 04:26:24 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\Apple Computer
2008-02-02 04:26:23 0 d-------- C:\Documents and Settings\I lOvE nIkKi\WINDOWS
2008-02-02 04:26:23 0 d--h----- C:\Documents and Settings\I lOvE nIkKi\Templates <TEMPLA~1>
2008-02-02 04:26:23 0 dr------- C:\Documents and Settings\I lOvE nIkKi\Start Menu <STARTM~1>
2008-02-02 04:26:23 0 dr-h----- C:\Documents and Settings\I lOvE nIkKi\SendTo
2008-02-02 04:26:23 0 dr-h----- C:\Documents and Settings\I lOvE nIkKi\Recent
2008-02-02 04:26:23 0 d--h----- C:\Documents and Settings\I lOvE nIkKi\PrintHood <PRINTH~1>
2008-02-02 04:26:23 0 d--h----- C:\Documents and Settings\I lOvE nIkKi\NetHood
2008-02-02 04:26:23 0 dr------- C:\Documents and Settings\I lOvE nIkKi\My Documents <MYDOCU~1>
2008-02-02 04:26:23 0 d--h----- C:\Documents and Settings\I lOvE nIkKi\Local Settings <LOCALS~1>
2008-02-02 04:26:23 0 dr------- C:\Documents and Settings\I lOvE nIkKi\Favorites <FAVORI~1>
2008-02-02 04:26:23 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Desktop
2008-02-02 04:26:23 0 d--hs---- C:\Documents and Settings\I lOvE nIkKi\Cookies
2008-02-02 04:26:23 0 dr-h----- C:\Documents and Settings\I lOvE nIkKi\Application Data <APPLIC~1>
2008-02-02 04:26:23 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\Symantec
2008-02-02 04:26:23 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\Sun
2008-02-02 04:26:23 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\SampleView
2008-02-02 04:26:23 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\Real
2008-02-02 04:26:23 0 d-------- C:\Documents and Settings\I lOvE nIkKi\Application Data\Identities
2008-02-02 04:26:22 4718592 --ah----- C:\Documents and Settings\I lOvE nIkKi\NTUSER.DAT
2008-02-02 04:15:48 106496 --a------ C:\WINDOWS\system32\ssdinerdash2.scr


-- Find3M Report ---------------------------------------------------------------

2008-03-27 13:14:26 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-27 11:20:23 0 d-------- C:\Program Files\WildTangent
2008-03-14 12:28:44 0 d-------- C:\Program Files\Common Files
2008-03-07 20:47:30 0 d-------- C:\Program Files\Google
2008-03-07 20:25:55 0 d-------- C:\Program Files\UNO Freeware
2008-03-07 20:25:55 0 d-------- C:\Program Files\SilverCreekCommonFiles
2008-03-07 20:25:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-07 20:25:15 0 d-------- C:\Program Files\DAP
2008-03-07 20:25:13 0 d-------- C:\Program Files\Common Files\aolshare
2008-03-07 20:25:09 0 d-------- C:\Program Files\AOL 9.0
2008-03-03 15:47:55 0 d-------- C:\Program Files\Messenger
2008-03-01 22:08:41 0 d-------- C:\Program Files\Common Files\a?sembly
2008-03-01 18:00:44 0 d-------- C:\Program Files\Common Files\AOL
2008-03-01 17:56:01 0 d-------- C:\Program Files\Motorola
2008-03-01 17:33:14 10 --a------ C:\WINDOWS\smdat32m.sys
2008-03-01 17:17:35 0 d-------- C:\Program Files\Hardwood Spades
2008-03-01 17:11:55 0 d-------- C:\Program Files\Easy Internet signup
2008-02-29 23:13:06 256 --a------ C:\Documents and Settings\I lOvE nIkKi\Application Data\urlredir.cfg
2008-02-29 23:11:51 292 --a------ C:\WINDOWS\smdat32a.sys
2008-02-29 20:58:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-29 20:58:33 0 d-------- C:\Program Files\Symantec
2008-02-29 20:30:10 0 d-------- C:\Program Files\s?curity
2008-02-29 19:42:21 0 d-------- C:\Program Files\Common Files\Scanner
2008-02-10 05:27:22 2528 --a------ C:\Documents and Settings\I lOvE nIkKi\Application Data\$_hpcst$.hpc
2008-01-08 11:55:08 208896 --a------ C:\WINDOWS\ss245sd.exe <Not Verified; ; ss245sd>
2008-01-01 20:45:10 0 d-------- C:\Program Files\Nikon
2008-01-01 20:45:10 0 d-------- C:\Program Files\Common Files\FotoNation
2007-12-04 13:38:13 550912 --a------ C:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0380F6F6-4734-4885-9CD8-CB82E7144652}]
C:\WINDOWS\system32\mljjh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F7927D-E3E6-48F0-887D-9EAC0E782A34}]
C:\WINDOWS\system32\pmkji.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 09:15 AM 329032 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87C95BC9-7AEA-4868-4D9C-79830CDB04A0}]
C:\Program Files\ComPlus Applications\lavuhaw640.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC831C34-2B7C-4C8A-833A-6E7236C62DCC}]
C:\Program Files\Common Files\hoken555077.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bfaa9f81-923d-4d6f-9d86-6a7f7795c979}]
C:\WINDOWS\system32\lsphkll.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9383002-FC55-4330-B9C9-67E03BC5C840}]
C:\WINDOWS\system32\qomnlif.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [12/07/2004 12:31 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/07/2004 04:03 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/21/2004 08:28 PM]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 07:06 PM C:\WINDOWS\AGRSMMSG.exe]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/20/2004 09:40 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/07/2004 04:20 PM]
"EVENTLISTENER"="C:\Program Files\Common Files\FotoNation\EvLstnr.exe" [06/20/2000 10:46 PM]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [04/19/2007 05:21 PM]
"@"="" []
"bm"="C:\Program Files\Common Files\AVSystemCare\bm.exe" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 01:33 AM]
"MWLExe"="C:\PROGRA~1\Mcafee\MWL\MWLGuiSt.exe" [07/28/2007 12:32 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [07/22/2007 11:29 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 04:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" []
"runner1"="C:\WINDOWS\mrofinu572.exe" []
"MDNS"="C:\WINDOWS\system32\service.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/30/2008 11:36 AM]
"b4fe43bd"="C:\WINDOWS\system32\wpnvdoaj.dll" []
"IESet"="IExplorer.dll" []
"BMb7cd7021"="C:\WINDOWS\system32\vxnbnnrn.dll" [03/28/2008 10:52 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:00 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 11:15 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 10:43 AM]
"IESet"="IExplorer.dll" []
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [03/30/2008 11:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"IESet"=IExplorer.dll .dbt

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9383002-FC55-4330-B9C9-67E03BC5C840}"= C:\WINDOWS\system32\qomnlif.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kcghuzos]
kcghuzos.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnlif]
qomnlif.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkji.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f6aaba0-c564-11dc-86bd-00038a000015}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8073 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-01 12:53:22 ------------
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP