Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

SD FIX report

Started by suzyokubo , Jun 27 2008 01:40 AM

  • Please log in to reply

#1
suzyokubo
Posted 27 June 2008 - 01:40 AM

suzyokubo

    New Member

  • Member
  • Pip
  • 2 posts
I a sending you the report from the SD fix Please help me solve this problem.
My computer is still infected
  • 0

Advertisements

#2
suzyokubo
Posted 27 June 2008 - 01:43 AM

suzyokubo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
SDFix: Version 1.194
Run by Owner on Fri 06/27/2008 at 07:41 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Owner\F245~1\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 08:04:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\xf892\5\5\x5c0\5\xf891\5 ?\x5c0\5\5״\5׀\5\x5f4\5 ?\xf892\5נ\5\xf88d\5״\5 ?P?C?I? ?\xf892\5\x5c1\5ס\5ׁ\5ׁ\5 ?D?P?8?3?8?1?5? ?\5\xf890\5 ?N?a?t?i?o?n?a?l? ?S?e?m?i?c?o?n?d?u?c?t?o?r?"=str(7):"1\0"
"\xf88d\5ײ\5\xf88d\5\x5c0\5\5 ?\x5c0\5\xf88d\5׀\5װ\5״\5\x5c0\5-?\x5c0\5\x5c3\5ס\5\xf891\5"=str(7):"1\0"
"\xf892\5\5\x5c0\5\xf891\5 ?\16 1?3?9?4? ?N?e?t?\16 "=str(7):"1\0"
"\xf892\5\5\x5c0\5\xf891\5 ?A?s?y?n?c? ?\5\xf890\5 ?R?A?S?"=str(7):"1\0"
"\xf892\5\xf88d\5׀\5\xf88d\5-?\xf88d\5ײ\5\xf88d\5\x5c0\5נ\5 ?\5\xf890\5 ?\xf892\5\5ע\5\xf892\5\xf893\5 ?\xf892\5׀\5ס\5\5"=str(7):"1\0002\0003\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\Shares]
"\xf892\5\x5c3\5װ\5ׁ\5\5"=str(7):"CSCFlags=0\0MaxUses=4294967295\0Path=Microsoft Office Document Image Writer,LocalsplOnly\0Permissions=0\0Remark=Microsoft Office Document Image Writer\0Type=1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\xf892\5\5\x5c0\5\xf891\5 ?\x5c0\5\5״\5׀\5\x5f4\5 ?\xf892\5נ\5\xf88d\5״\5 ?P?C?I? ?\xf892\5\x5c1\5ס\5ׁ\5ׁ\5 ?D?P?8?3?8?1?5? ?\5\xf890\5 ?N?a?t?i?o?n?a?l? ?S?e?m?i?c?o?n?d?u?c?t?o?r?"=str(7):"1\0"
"\xf88d\5ײ\5\xf88d\5\x5c0\5\5 ?\x5c0\5\xf88d\5׀\5װ\5״\5\x5c0\5-?\x5c0\5\x5c3\5ס\5\xf891\5"=str(7):"1\0"
"\xf892\5\5\x5c0\5\xf891\5 ?\16 1?3?9?4? ?N?e?t?\16 "=str(7):"1\0"
"\xf892\5\5\x5c0\5\xf891\5 ?A?s?y?n?c? ?\5\xf890\5 ?R?A?S?"=str(7):"1\0"
"\xf892\5\xf88d\5׀\5\xf88d\5-?\xf88d\5ײ\5\xf88d\5\x5c0\5נ\5 ?\5\xf890\5 ?\xf892\5\5ע\5\xf892\5\xf893\5 ?\xf892\5׀\5ס\5\5"=str(7):"1\0002\0003\0004\0"
"נ\5\5׳\5\xf893\5 ?B?l?u?e?t?o?o?t?h? ?(?״\5\5\5 ?\5׳\5\5ס\5״\5\5 ?\x5c0\5\xf88d\5\5\xf88d\5\5)?"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00025b013a34]
"000e7b2ac2f7"=hex:7c,f7,1d,0e,3f,54,24,97,40,57,3c,ec,0b,38,ec,a1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanserver\Shares]
"\xf892\5\x5c3\5װ\5ׁ\5\5"=str(7):"CSCFlags=0\0MaxUses=4294967295\0Path=Microsoft Office Document Image Writer,LocalsplOnly\0Permissions=0\0Remark=Microsoft Office Document Image Writer\0Type=1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\xf892\5\5\x5c0\5\xf891\5 ?\x5c0\5\5״\5׀\5\x5f4\5 ?\xf892\5נ\5\xf88d\5״\5 ?P?C?I? ?\xf892\5\x5c1\5ס\5ׁ\5ׁ\5 ?D?P?8?3?8?1?5? ?\5\xf890\5 ?N?a?t?i?o?n?a?l? ?S?e?m?i?c?o?n?d?u?c?t?o?r?"=str(7):"1\0"
"\xf88d\5ײ\5\xf88d\5\x5c0\5\5 ?\x5c0\5\xf88d\5׀\5װ\5״\5\x5c0\5-?\x5c0\5\x5c3\5ס\5\xf891\5"=str(7):"1\0"
"\xf892\5\5\x5c0\5\xf891\5 ?\16 1?3?9?4? ?N?e?t?\16 "=str(7):"1\0"
"\xf892\5\5\x5c0\5\xf891\5 ?A?s?y?n?c? ?\5\xf890\5 ?R?A?S?"=str(7):"1\0"
"\xf892\5\xf88d\5׀\5\xf88d\5-?\xf88d\5ײ\5\xf88d\5\x5c0\5נ\5 ?\5\xf890\5 ?\xf892\5\5ע\5\xf892\5\xf893\5 ?\xf892\5׀\5ס\5\5"=str(7):"1\0002\0003\0004\0"
"נ\5\5׳\5\xf893\5 ?B?l?u?e?t?o?o?t?h? ?(?״\5\5\5 ?\5׳\5\5ס\5״\5\5 ?\x5c0\5\xf88d\5\5\xf88d\5\5)?"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b013a34]
"000e7b2ac2f7"=hex:7c,f7,1d,0e,3f,54,24,97,40,57,3c,ec,0b,38,ec,a1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares]
"\xf892\5\x5c3\5װ\5ׁ\5\5"=str(7):"CSCFlags=0\0MaxUses=4294967295\0Path=Microsoft Office Document Image Writer,LocalsplOnly\0Permissions=0\0Remark=Microsoft Office Document Image Writer\0Type=1\0"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\x5c1\5״\5\xf88d\5״\5\5 ?\xf892\5\x5f3\5\x5c3\5\xf890\5 ?\5\xf890\5 ?W?i?n?d?o?w?s?"="",,,,,,,,,,,,,""
"נ\5׀\5װ\5\5נ\5 ?\5\xf890\5 ?W?i?n?d?o?w?s?"=""C:\WINDOWS\Cursors\rainbow.ani,,C:\WINDOWS\Cursors\appstart.ani,C:\WINDOWS\Cursors\hourglas.ani,C:\WINDOWS\Cursors\cross.cur,,,,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,,""
"\xf890\5\x5c1\5\xf893\5 ?\5\xf890\5\5-?\xf892\5\xf88d\5\xf892\5\x5c3\5\xf88d\5"=""C:\WINDOWS\Cursors\3dwarro.cur,,C:\WINDOWS\Cursors\appstar3.ani,C:\WINDOWS\Cursors\hourgla3.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dwno.cur,C:\WINDOWS\Cursors\3dwns.cur,C:\WINDOWS\Cursors\3dwwe.cur,C:\WINDOWS\Cursors\3dwnwse.cur,C:\WINDOWS\Cursors\3dwnesw.cur,C:\WINDOWS\Cursors\3dwmove.cur,""
"\xf88d\5\x5c3\5\xf88d\5\xf88d\5\xf891\5 ?1?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\hand.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\hnodrop.cur,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
"\xf88d\5\x5c3\5\xf88d\5\xf88d\5\xf891\5 ?2?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\handwait.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\handno.ani,C:\WINDOWS\Cursors\handns.ani,C:\WINDOWS\Cursors\handwe.ani,C:\WINDOWS\Cursors\handnwse.ani,C:\WINDOWS\Cursors\handnesw.ani,C:\WINDOWS\Cursors\hmove.cur,""
"\x5c3\5\xf88d\5׀\5ס\5ע\5\x5c0\5ס\5״\5"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\dinosaur.ani,C:\WINDOWS\Cursors\dinosau2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\banana.ani,C:\WINDOWS\Cursors\3dsns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dsnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dsmove.cur,""
"ׁ\5\x5c2\5׀\5ס\5\xf893\5 ?\xf892\5\xf88d\5ס\5\5\xf893\5"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\horse.ani,C:\WINDOWS\Cursors\barber.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\coin.ani,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
"\xf892\5׀\5ײ\5\x5f3\5"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\drum.ani,C:\WINDOWS\Cursors\metronom.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\piano.ani,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
"\xf892\5ס\5\x5c2\5\x5c3\5\xf890\5"=""C:\WINDOWS\Cursors\larrow.cur,,C:\WINDOWS\Cursors\lappstrt.cur,C:\WINDOWS\Cursors\lwait.cur,C:\WINDOWS\Cursors\lcross.cur,C:\WINDOWS\Cursors\libeam.cur,,C:\WINDOWS\Cursors\lnodrop.cur,C:\WINDOWS\Cursors\lns.cur,C:\WINDOWS\Cursors\lwe.cur,C:\WINDOWS\Cursors\lnwse.cur,C:\WINDOWS\Cursors\lnesw.cur,C:\WINDOWS\Cursors\lmove.cur,""
"\5\xf88d\5׀\5ס\5\xf88d\5\xf88d\5\xf891\5"=""C:\WINDOWS\Cursors\fillitup.ani,,C:\WINDOWS\Cursors\raindrop.ani,C:\WINDOWS\Cursors\counter.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\wagtail.ani,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,""
"\x5c0\5״\5\x5c3\5 ?\5\xf890\5\5-?\xf892\5\xf88d\5\xf892\5\x5c3\5\xf88d\5"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\appstar2.ani,C:\WINDOWS\Cursors\hourgla2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dgno.cur,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
"\5\x5f3\5ס\5״\5 ?\5\xf890\5 ?W?i?n?d?o?w?s? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\5\x5f3\5ס\5״\5 ?\5\xf890\5 ?W?i?n?d?o?w?s? ?(?\x5c2\5\x5c3\5ס\5\xf890\5)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\5\x5f3\5ס\5״\5 ?\5\xf890\5 ?W?i?n?d?o?w?s? ?(?\x5c2\5\x5c3\5ס\5\xf890\5 ?\xf892\5\x5c0\5ס\5\x5c3\5)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
"ײ\5\x5c1\5ׂ\5\xf88d\5\xf891\5 ?נ\5װ\5ס\5\xf88f\5\xf88d\5\xf891\5 ?\5\xf890\5 ?W?i?n?d?o?w?s?"="C:\WINDOWS\cursors\arrow_i.cur,C:\WINDOWS\cursors\help_i.cur,C:\WINDOWS\cursors\wait_i.cur,C:\WINDOWS\cursors\busy_i.cur,C:\WINDOWS\cursors\cross_i.cur,C:\WINDOWS\cursors\beam_i.cur,C:\WINDOWS\cursors\pen_i.cur,C:\WINDOWS\cursors\no_i.cur,C:\WINDOWS\cursors\size4_i.cur,C:\WINDOWS\cursors\size3_i.cur,C:\WINDOWS\cursors\size2_i.cur,C:\WINDOWS\cursors\size1_i.cur,C:\WINDOWS\cursors\move_i.cur,C:\WINDOWS\cursors\up_i.cur"
"ײ\5\x5c1\5ׂ\5\xf88d\5\xf891\5 ?נ\5װ\5ס\5\xf88f\5\xf88d\5\xf891\5 ?\5\xf890\5 ?W?i?n?d?o?w?s? ?(?\x5c2\5\x5c3\5ס\5\xf890\5)?"="C:\WINDOWS\cursors\arrow_im.cur,C:\WINDOWS\cursors\help_im.cur,C:\WINDOWS\cursors\wait_im.cur,C:\WINDOWS\cursors\busy_im.cur,C:\WINDOWS\cursors\cross_im.cur,C:\WINDOWS\cursors\beam_im.cur,C:\WINDOWS\cursors\pen_im.cur,C:\WINDOWS\cursors\no_im.cur,C:\WINDOWS\cursors\size4_im.cur,C:\WINDOWS\cursors\size3_im.cur,C:\WINDOWS\cursors\size2_im.cur,C:\WINDOWS\cursors\size1_im.cur,C:\WINDOWS\cursors\move_im.cur,C:\WINDOWS\cursors\up_im.cur"
"ײ\5\x5c1\5ׂ\5\xf88d\5\xf891\5 ?נ\5װ\5ס\5\xf88f\5\xf88d\5\xf891\5 ?\5\xf890\5 ?W?i?n?d?o?w?s? ?(?\x5c2\5\x5c3\5ס\5\xf890\5 ?\xf892\5\x5c0\5ס\5\x5c3\5)?"="C:\WINDOWS\cursors\arrow_il.cur,C:\WINDOWS\cursors\help_il.cur,C:\WINDOWS\cursors\wait_il.cur,C:\WINDOWS\cursors\busy_il.cur,C:\WINDOWS\cursors\cross_il.cur,C:\WINDOWS\cursors\beam_il.cur,C:\WINDOWS\cursors\pen_il.cur,C:\WINDOWS\cursors\no_il.cur,C:\WINDOWS\cursors\size4_il.cur,C:\WINDOWS\cursors\size3_il.cur,C:\WINDOWS\cursors\size2_il.cur,C:\WINDOWS\cursors\size1_il.cur,C:\WINDOWS\cursors\move_il.cur,C:\WINDOWS\cursors\up_il.cur"
"ׁ\5\x5f4\5׀\5\x5c3\5״\5\x5f4\5\xf88d\5 ?\5\xf890\5 ?W?i?n?d?o?w?s? ?(?\x5c2\5\x5c3\5ס\5\xf890\5)?"="C:\WINDOWS\cursors\arrow_m.cur,C:\WINDOWS\cursors\help_m.cur,C:\WINDOWS\cursors\wait_m.cur,C:\WINDOWS\cursors\busy_m.cur,C:\WINDOWS\cursors\cross_m.cur,C:\WINDOWS\cursors\beam_m.cur,C:\WINDOWS\cursors\pen_m.cur,C:\WINDOWS\cursors\no_m.cur,C:\WINDOWS\cursors\size4_m.cur,C:\WINDOWS\cursors\size3_m.cur,C:\WINDOWS\cursors\size2_m.cur,C:\WINDOWS\cursors\size1_m.cur,C:\WINDOWS\cursors\move_m.cur,C:\WINDOWS\cursors\up_m.cur"
"ׁ\5\x5f4\5׀\5\x5c3\5״\5\x5f4\5\xf88d\5 ?\5\xf890\5 ?W?i?n?d?o?w?s? ?(?\x5c2\5\x5c3\5ס\5\xf890\5 ?\xf892\5\x5c0\5ס\5\x5c3\5)?"="C:\WINDOWS\cursors\arrow_l.cur,C:\WINDOWS\cursors\help_l.cur,C:\WINDOWS\cursors\wait_l.cur,C:\WINDOWS\cursors\busy_l.cur,C:\WINDOWS\cursors\cross_l.cur,C:\WINDOWS\cursors\beam_l.cur,C:\WINDOWS\cursors\pen_l.cur,C:\WINDOWS\cursors\no_l.cur,C:\WINDOWS\cursors\size4_l.cur,C:\WINDOWS\cursors\size3_l.cur,C:\WINDOWS\cursors\size2_l.cur,C:\WINDOWS\cursors\size1_l.cur,C:\WINDOWS\cursors\move_l.cur,C:\WINDOWS\cursors\up_l.cur"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\GrpConv\MapGroups]
"\xf892\5\5\x5f3\5׳\5\xf88d\5\xf891\5"="גײט\י׳ח"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35CD480D-16FA-F999-65D5-8534217FF352}]

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\\Program Files\\eMule\\emule.exe"="H:\\Program Files\\eMule\\emule.exe:*:Enabled:TLN eMule MOD v6.0 [v0.47a]"
"C:\\Program Files\\eMule XvooM 3.0\\eMule XvooM 3.0.exe"="C:\\Program Files\\eMule XvooM 3.0\\eMule XvooM 3.0.exe:*:Enabled:eMule"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\WebTV\\webtv.exe"="C:\\Program Files\\WebTV\\webtv.exe:*:Enabled:webtv"
"C:\\Program Files\\Spikko\\SpikkoPhone.exe"="C:\\Program Files\\Spikko\\SpikkoPhone.exe:*:Enabled: "
"C:\\Program Files\\RayV\\RayV\\RayV.exe"="C:\\Program Files\\RayV\\RayV\\RayV.exe:*:Enabled:RayV"
"C:\\Program Files\\ooVoo\\ooVoo.exe"="C:\\Program Files\\ooVoo\\ooVoo.exe:*:Enabled:ooVoo"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!J\\Messenger\\YPagerj.exe"="C:\\Program Files\\Yahoo!J\\Messenger\\YPagerj.exe:*:Enabled:Yahoo!???????"
"C:\\Program Files\\Yahoo!J\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!J\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\WinFtp Server\\WFTPSRV.exe"="C:\\Program Files\\WinFtp Server\\WFTPSRV.exe:*:Enabled:WinFtp Server"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Wed 31 Jul 2002 100 ..SH. --- "C:\WINDOWS\WSYS049.SYS"
Sun 17 Feb 2008 38,912 ...H. --- "C:\Documents and Settings\Owner\™…Œ‡ „’…ƒ„\~WRL0629.tmp"
Tue 19 Feb 2008 37,376 ...H. --- "C:\Documents and Settings\Owner\™…Œ‡ „’…ƒ„\~WRL0939.tmp"
Sat 15 Dec 2007 34,304 ...H. --- "C:\Documents and Settings\Owner\™…Œ‡ „’…ƒ„\~WRL3108.tmp"
Tue 12 Feb 2008 24,064 ...H. --- "C:\Documents and Settings\Owner\™…Œ‡ „’…ƒ„\~WRL3220.tmp"
Fri 13 Jun 2008 27,136 A..H. --- "C:\Documents and Settings\Owner\My Documents\~WRL2239.tmp"
Wed 27 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 15 Oct 2007 54,272 ...H. --- "C:\Documents and Settings\Owner\™…Œ‡ „’…ƒ„\caoching\~WRL0001.tmp"
Wed 30 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\734c918b43359bcdbde50b62df605e5f\BITF.tmp"
Sun 17 Feb 2008 36,352 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3693.tmp"

Finished!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP