SD FIX report



#1
suzyokubo

I am sending you the report from the SD fix. Please help me solve this problem.
My computer is still infected


#2
suzyokubo

SDFix: Version 1.194
Run by Owner on Fri 06/27/2008 at 07:41 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Owner\F245~1\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 08:04:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...


scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\\Program Files\\eMule\\emule.exe"="H:\\Program Files\\eMule\\emule.exe:*:Enabled:TLN eMule MOD v6.0 [v0.47a]"
"C:\\Program Files\\eMule XvooM 3.0\\eMule XvooM 3.0.exe"="C:\\Program Files\\eMule XvooM 3.0\\eMule XvooM 3.0.exe:*:Enabled:eMule"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\WebTV\\webtv.exe"="C:\\Program Files\\WebTV\\webtv.exe:*:Enabled:webtv"
"C:\\Program Files\\Spikko\\SpikkoPhone.exe"="C:\\Program Files\\Spikko\\SpikkoPhone.exe:*:Enabled: "
"C:\\Program Files\\RayV\\RayV\\RayV.exe"="C:\\Program Files\\RayV\\RayV\\RayV.exe:*:Enabled:RayV"
"C:\\Program Files\\ooVoo\\ooVoo.exe"="C:\\Program Files\\ooVoo\\ooVoo.exe:*:Enabled:ooVoo"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!J\\Messenger\\YPagerj.exe"="C:\\Program Files\\Yahoo!J\\Messenger\\YPagerj.exe:*:Enabled:Yahoo!???????"
"C:\\Program Files\\Yahoo!J\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!J\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\WinFtp Server\\WFTPSRV.exe"="C:\\Program Files\\WinFtp Server\\WFTPSRV.exe:*:Enabled:WinFtp Server"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Wed 31 Jul 2002 100 ..SH. --- "C:\WINDOWS\WSYS049.SYS"
Sun 17 Feb 2008 38,912 ...H. --- "C:\Documents and Settings\Owner\™…Œ‡ „’…ƒ„\~WRL0629.tmp"
Tue 19 Feb 2008 37,376 ...H. --- "C:\Documents and Settings\Owner\™…Œ‡ „’…ƒ„\~WRL0939.tmp"
Sat 15 Dec 2007 34,304 ...H. --- "C:\Documents and Settings\Owner\™…Œ‡ „’…ƒ„\~WRL3108.tmp"
Tue 12 Feb 2008 24,064 ...H. --- "C:\Documents and Settings\Owner\™…Œ‡ „’…ƒ„\~WRL3220.tmp"
Fri 13 Jun 2008 27,136 A..H. --- "C:\Documents and Settings\Owner\My Documents\~WRL2239.tmp"
Wed 27 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 15 Oct 2007 54,272 ...H. --- "C:\Documents and Settings\Owner\™…Œ‡ „’…ƒ„\caoching\~WRL0001.tmp"
Wed 30 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\734c918b43359bcdbde50b62df605e5f\BITF.tmp"
Sun 17 Feb 2008 36,352 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3693.tmp"

Finished!