SmitFraudFix v2.309
Scan done at 18:51:41.53, Wed 04/02/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\mnonwrup\ivsfqbqx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ytyncbip.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Multimedia Keyboard & Mouse Driver\MouseDrv.exe
C:\Program Files\Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\dwltqnmx.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
C:\DOCUME~1\Owner\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\Owner\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\Owner\FAVORI~1\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\akl\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
[!] Suspicious: sxfnewqb.dll
SSODL: sxfnewqb - {E0644451-5980-42B8-A775-5CC000830150}
[!] Suspicious: fkdnrwsv.dll
SSODL: fkdnrwsv - {46DAEBB8-9361-4039-95D7-E5C2F3B99C7F}
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{49570036-000A-4132-8430-CE3E7B70ABA1}: DhcpNameServer=192.168.2.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{49570036-000A-4132-8430-CE3E7B70ABA1}: DhcpNameServer=192.168.2.1 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{49570036-000A-4132-8430-CE3E7B70ABA1}: DhcpNameServer=192.168.2.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-02 18:56:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:52 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\mnonwrup\ivsfqbqx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ytyncbip.exe
C:\Program Files\Multimedia Keyboard & Mouse Driver\MouseDrv.exe
C:\Program Files\Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GNX Bingo - {5B9512A7-C919-4035-A08D-8888AA6F5F7A} - C:\WINDOWS\svpekgongrk.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: (no name) - {695F6434-6E09-4AD4-B3F6-3DD9C3AC1501} - C:\WINDOWS\system32\awtuttTM.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {fbc9b46b-3345-0cfb-e5a4-f61429fc6ad7} - {7da6cf92-416f-4a5e-bfc0-5433b64b9cbf} - C:\WINDOWS\system32\mcuddutk.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {94BC3D1D-22E9-4744-8ED1-3E08A3B74078} - C:\WINDOWS\system32\iiffeEWo.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E0E9202C-F2DD-4561-8627-F74C892618BB} - C:\WINDOWS\system32\pmnmklkl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O3 - Toolbar: stfngdvw - {BE39F01C-46FB-4111-9AE9-2F11DC22AF69} - C:\WINDOWS\stfngdvw.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Keyboard & Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard & Mouse Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [0032209f] rundll32.exe "C:\WINDOWS\system32\orvrmawt.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [otgaucfd] C:\WINDOWS\system32\ytyncbip.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKLM\..\Policies\Explorer\Run: [4QT02qQ1o2] C:\Documents and Settings\All Users\Application Data\mnonwrup\ivsfqbqx.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm035MHUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: Yahoo! Hearts - http://download2.gam...nts/y/ht1_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace...pointsSetup.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O20 - Winlogon Notify: iiffeEWo - C:\WINDOWS\SYSTEM32\iiffeEWo.dll
O21 - SSODL: sxfnewqb - {E0644451-5980-42B8-A775-5CC000830150} - C:\WINDOWS\sxfnewqb.dll
O21 - SSODL: fkdnrwsv - {46DAEBB8-9361-4039-95D7-E5C2F3B99C7F} - C:\WINDOWS\fkdnrwsv.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 11804 bytes
-- Files created between 2008-03-02 and 2008-04-02 -----------------------------
2008-04-02 18:52:13 4766 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-02 18:51:21 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-02 18:51:21 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-02 18:51:21 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-02 18:51:21 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-02 18:51:20 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-02 18:51:20 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-02 18:51:20 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-02 18:49:26 91712 --a------ C:\WINDOWS\system32\mcuddutk.dll
2008-04-02 18:47:44 83520 --a------ C:\WINDOWS\system32\orvrmawt.dll
2008-04-01 18:14:28 0 d-------- C:\Program Files\Trend Micro
2008-04-01 13:35:57 90688 --a------ C:\WINDOWS\system32\ptqcebhm.dll
2008-04-01 13:32:55 85568 -----n--- C:\WINDOWS\system32\qhxsjxlc.dll
2008-03-31 18:07:26 0 d-------- C:\ie-spyad_zo
2008-03-31 17:52:30 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-03-31 13:35:21 0 --a------ C:\WINDOWS\system32\qrpdlpse.dll
2008-03-31 13:31:15 0 --a------ C:\WINDOWS\system32\tkwtjatx.dll
2008-03-30 19:20:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-03-30 19:03:57 0 d-------- C:\Program Files\Exterminate It!
2008-03-30 13:36:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-03-30 12:59:22 0 d-------- C:\VundoFix Backups
2008-03-30 12:51:37 0 --a------ C:\WINDOWS\system32\ytfxtayq.dll
2008-03-30 12:50:54 187665 --ahs---- C:\WINDOWS\system32\lklkmnmp.ini2
2008-03-30 12:50:50 268288 --a------ C:\WINDOWS\system32\pmnmklkl.dll
2008-03-30 12:15:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-30 10:53:01 204551 --ahs---- C:\WINDOWS\system32\mpXwaGgh.ini2
2008-03-30 10:28:36 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-30 10:28:09 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-30 10:28:09 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-30 08:32:40 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-30 08:32:40 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-30 08:32:40 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-30 08:32:40 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-03-30 08:32:40 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-30 08:32:40 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-30 08:32:40 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-03-30 08:32:40 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-30 08:32:40 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-03-30 08:32:40 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-30 08:32:40 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-03-30 08:32:40 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-30 08:32:40 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-30 08:32:39 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-30 07:44:26 1152 --a------ C:\WINDOWS\system32\windrv.sys
2008-03-29 15:07:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-03-29 15:01:48 0 d-------- C:\Program Files\Windows Sidebar
2008-03-29 14:58:41 0 d-------- C:\Program Files\Norton Internet Security
2008-03-28 21:19:47 189532 --ahs---- C:\WINDOWS\system32\MTttutwa.ini2
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32taack.exe
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32taack.dat
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-03-28 20:33:23 4096 --a------ C:\WINDOWS\a.bat
2008-03-28 20:33:23 0 d-------- C:\Documents and Settings\Owner\Desktopvirii
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\winsystem.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32thun.dll
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-03-28 20:33:22 0 d-------- C:\WINDOWS\system32smp
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32netode.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32bdn.com
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\mssecu.exe
2008-03-28 20:33:22 4096 --a------ C:\WINDOWS\bdn.com
2008-03-28 20:33:22 0 d-------- C:\Program Files\Inet Delivery
2008-03-28 20:33:22 4096 --a------ C:\Documents and Settings\Owner\DesktopFWebdEditor.exe
2008-03-28 20:33:22 4096 --a------ C:\Documents and Settings\Owner\Desktopfwebd.exe
2008-03-28 20:33:22 4096 --a------ C:\Documents and Settings\Owner\Desktopfilemanagerclient.exe
2008-03-28 20:33:21 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-03-28 20:33:21 0 d-------- C:\WINDOWS\mslagent
2008-03-28 20:33:21 0 d-------- C:\Program Files\akl
2008-03-28 20:33:16 266240 --a------ C:\WINDOWS\sxfnewqb.dll
2008-03-28 20:33:16 245760 --a------ C:\WINDOWS\fkdnrwsv.dll
2008-03-28 20:33:16 0 --a------ C:\WINDOWS\dwltqnmx.exe
2008-03-28 20:33:05 110592 --a------ C:\WINDOWS\system32\ytyncbip.exe
2008-03-28 20:33:05 0 d-------- C:\Documents and Settings\All Users\Application Data\mnonwrup
2008-03-28 20:33:00 40448 --a------ C:\WINDOWS\system32\iiffeEWo.dll
-- Find3M Report ---------------------------------------------------------------
2008-04-02 13:25:26 0 d-------- C:\Program Files\YPOPs
2008-04-02 07:28:18 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-01 18:08:29 0 d-------- C:\Program Files\Common Files
2008-03-31 22:21:37 1682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-30 20:57:58 0 d-------- C:\Program Files\Java
2008-03-29 15:04:10 0 d-------- C:\Program Files\Symantec
2008-03-25 20:06:34 0 d-------- C:\Program Files\EA Games
2008-03-15 23:55:52 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-02 23:29:55 0 d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-03-02 16:06:08 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-01 02:34:52 0 d-------- C:\Program Files\Napster
2008-02-28 22:27:36 0 d-------- C:\Program Files\SonicWallES
2008-02-28 22:23:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2008-02-28 17:57:55 0 d-------- C:\Program Files\PlayMP3z
2008-02-28 17:57:30 0 d-------- C:\Program Files\GameSpy Arcade
2008-02-28 00:09:33 0 d-------- C:\Program Files\Lavasoft
2008-02-24 01:32:11 0 d-------- C:\Program Files\WordPerfect Office X3
2008-02-24 01:28:36 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-02-19 23:26:45 0 d-------- C:\Program Files\Panicware
2008-02-18 19:47:27 0 d-------- C:\Program Files\Alex Feinman
2008-02-17 16:32:34 0 d-------- C:\Documents and Settings\Owner\Application Data\mypoints
2008-02-17 16:32:11 0 d-------- C:\Program Files\mypoints
2008-02-07 18:52:15 0 d-------- C:\Program Files\LimeWire
2008-02-02 16:03:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Move Networks
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B9512A7-C919-4035-A08D-8888AA6F5F7A}]
C:\WINDOWS\svpekgongrk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
02/06/2008 11:05 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{695F6434-6E09-4AD4-B3F6-3DD9C3AC1501}]
C:\WINDOWS\system32\awtuttTM.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
03/29/2008 03:00 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7da6cf92-416f-4a5e-bfc0-5433b64b9cbf}]
04/02/2008 06:49 PM 91712 --a------ C:\WINDOWS\system32\mcuddutk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94BC3D1D-22E9-4744-8ED1-3E08A3B74078}]
03/28/2008 08:33 PM 40448 --a------ C:\WINDOWS\system32\iiffeEWo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
10/02/2007 03:31 PM 1909248 --a------ C:\PROGRA~1\mypoints\mypoints.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0E9202C-F2DD-4561-8627-F74C892618BB}]
03/30/2008 12:50 PM 268288 --a------ C:\WINDOWS\system32\pmnmklkl.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= C:\PROGRA~1\mypoints\mypoints.dll [10/02/2007 03:31 PM 1909248]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [02/06/2008 11:05 PM 349552]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]
[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 07:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 07:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 07:00 AM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 04:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [07/05/2006 03:01 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [10/23/2003 10:51 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [09/01/2003 06:42 AM]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [05/21/2003 09:37 PM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 11:26 PM]
"WireLessMouse"="C:\Program Files\Multimedia Keyboard & Mouse Driver\StartAutorun.exe" [11/30/2005 12:48 PM]
"WireLessKeyboard"="C:\Program Files\Multimedia Keyboard & Mouse Driver\StartAutorun.exe" [11/30/2005 12:48 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/14/2007 11:07 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" []
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 01:37 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [02/07/2008 01:49 AM]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"0032209f"="C:\WINDOWS\system32\orvrmawt.dll" [04/02/2008 06:47 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" []
"otgaucfd"="C:\WINDOWS\system32\ytyncbip.exe" [03/28/2008 08:33 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"4QT02qQ1o2"=C:\Documents and Settings\All Users\Application Data\mnonwrup\ivsfqbqx.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{94BC3D1D-22E9-4744-8ED1-3E08A3B74078}"= C:\WINDOWS\system32\iiffeEWo.dll [03/28/2008 08:33 PM 40448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"sxfnewqb"= {E0644451-5980-42B8-A775-5CC000830150} - C:\WINDOWS\sxfnewqb.dll [03/28/2008 07:19 PM 266240]
"fkdnrwsv"= {46DAEBB8-9361-4039-95D7-E5C2F3B99C7F} - C:\WINDOWS\fkdnrwsv.dll [03/28/2008 07:19 PM 245760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffeEWo]
iiffeEWo.dll 03/28/2008 08:33 PM 40448 C:\WINDOWS\system32\iiffeEWo.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnmklkl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackBerry Desktop Redirector.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlackBerry Desktop Redirector.lnk
backup=C:\WINDOWS\pss\BlackBerry Desktop Redirector.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerGrid.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerGrid.lnk
backup=C:\WINDOWS\pss\PowerGrid.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
"C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{779512c8-c958-11db-a14d-000c6eb389ed}]
AutoRun\command- J:\JDSecure\Windows\JDSecure20.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f12402-d8d6-11db-a19b-000c6eb389ed}]
AutoRun\command- K:\JDSecure\Windows\JDSecure20.exe
*Newly Created Service* - COMHOST
-- End of Deckard's System Scanner: finished at 2008-04-02 19:00:50 ------------
Edited by pgtl_10, 02 April 2008 - 06:20 PM.