Thread: HJT help!
08-06-2007, 10:37 PM   #5
HoAfCr
Registered User
 
Join Date: Jun 2006
Posts: 30
OS: XP


Re: HJT help!

Deckard's System Scanner v20070804.61
Run by Kevin on 2007-08-06 at 21:29:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kevin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:54 PM, on 8/6/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINNT\system32\taskmgr.exe
D:\Program Files\$$$$$$$$$$$$$$$$\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kevin.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - C:\WINNT\system32\efcccdd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B233F9B9-8058-49FC-9386-E12FB2E207BC} - C:\WINNT\system32\gebcd.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINNT\system32\qkydqqjm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - D:\Program Files\Bodog Poker\BPGame.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1175971104859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1175972679609
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: efcccdd - C:\WINNT\SYSTEM32\efcccdd.dll
O20 - Winlogon Notify: gebcd - C:\WINNT\system32\gebcd.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: Google Advanced Search - http://www.google.com/advanced_search?hl=en

--
End of file - 8837 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StarOpen - c:\winnt\system32\drivers\staropen.sys
R3 NaiAvFilter1 - c:\winnt\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>

S3 XDva004 - c:\winnt\system32\xdva004.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_10DE&DEV_00E8&SUBSYS_34011019&REV_A2\3&13C0B0C5&0&12
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_10DE&DEV_00E8&SUBSYS_34011019&REV_A2\3&13C0B0C5&0&12
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05741317&REV_11\4&3191A3E6&0&4870
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05741317&REV_11\4&3191A3E6&0&4870
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_33830EE4&REV_04\4&3191A3E6&0&5270
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_33830EE4&REV_04\4&3191A3E6&0&5270
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-08-01 16:18:01 284 --a------ C:\WINNT\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-07-06 and 2007-08-06 -----------------------------

2007-08-06 21:11:43 0 d-------- C:\WINNT\system32\ActiveScan
2007-08-06 16:03:15 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_454.dat
2007-08-06 15:25:31 0 d-------- C:\Program Files\Trend Micro
2007-08-06 03:48:47 125504 --a------ C:\WINNT\system32\opqfyrff.dll
2007-08-06 03:45:47 4672 --a------ C:\WINNT\system32\xjhuautm.exe
2007-08-06 03:42:47 4672 --a------ C:\WINNT\system32\ckcrhbuc.exe
2007-08-06 02:48:48 4672 --a------ C:\WINNT\system32\bvenrovp.exe
2007-08-06 02:40:18 4672 --a------ C:\WINNT\system32\sluclkqk.exe
2007-08-05 16:08:54 0 d-------- C:\Documents and Settings\Kevin\Application Data\SopCast
2007-08-05 16:08:53 0 d-------- C:\Program Files\SopCast
2007-08-05 12:38:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_434.dat
2007-08-05 12:33:02 0 d-------- C:\Documents and Settings\Kevin\.housecall6.6
2007-08-05 11:56:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-05 02:46:08 4672 --a------ C:\WINNT\system32\ksvcgjwn.exe
2007-08-05 02:43:11 125504 --a------ C:\WINNT\system32\qrucqflq.dll
2007-08-05 02:37:08 4672 --a------ C:\WINNT\system32\sjngxyve.exe
2007-08-04 13:02:49 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_400.dat
2007-08-04 02:38:05 125504 --a------ C:\WINNT\system32\sbpetcme.dll
2007-08-04 02:38:01 4672 --a------ C:\WINNT\system32\ckeuccal.exe
2007-08-04 02:35:09 4672 --a------ C:\WINNT\system32\atfvoghd.exe
2007-08-03 13:29:28 125504 --a------ C:\WINNT\system32\rqyxceym.dll
2007-08-03 02:43:57 69184 --a------ C:\WINNT\system32\qkydqqjm.dll
2007-08-03 02:40:55 4672 --a------ C:\WINNT\system32\eyaldsjf.exe
2007-08-03 02:36:50 66112 --a------ C:\WINNT\system32\ciqpkbux.exe
2007-08-03 02:35:13 4672 --a------ C:\WINNT\system32\nwnhuqgr.exe
2007-08-03 02:33:32 1767512 ---hs---- C:\WINNT\system32\dcbeg.bak2
2007-07-29 12:08:32 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_428.dat
2007-07-26 13:38:55 0 d-------- C:\Documents and Settings\Kevin\Application Data\Stamps.com Internet Postage
2007-07-26 13:36:36 0 d-a------ C:\Program Files\Stamps.com Internet Postage
2007-07-24 1406 4096 --a------ C:\WINNT\system32\crash
2007-07-23 14:11:15 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_42c.dat
2007-07-21 15:23:15 266336 --a------ C:\WINNT\system32\gebcd.dll
2007-07-21 15:18:09 31254 -----n--- C:\WINNT\system32\efcccdd.dll
2007-07-19 03:38:09 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-16 18:35:46 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_480.dat
2007-07-15 09:55:49 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_478.dat
2007-07-10 15:00:24 0 d-------- C:\Program Files\iPod
2007-07-10 13:09:13 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_470.dat


-- Find3M Report ---------------------------------------------------------------

2007-08-06 21:04:58 0 d-------- C:\Program Files\Viewpoint
2007-07-29 20:31:06 0 d-------- C:\Documents and Settings\Kevin\Application Data\LimeWire
2007-07-26 13:41:31 0 d-------- C:\Program Files\MySpace
2007-07-26 00:38:46 0 d-------- C:\Documents and Settings\Kevin\Application Data\Yahoo!
2007-07-15 03:35:55 1018392 ---h----- C:\WINNT\ShellIconCache
2007-07-10 14:57:31 0 d-------- C:\Program Files\Apple Software Update
2007-07-05 05:05:35 0 d-------- C:\Documents and Settings\Kevin\Application Data\ZoomBrowser EX
2007-07-04 21:20:35 0 d-------- C:\Documents and Settings\Kevin\Application Data\MySpace
2007-07-04 16:44:59 0 d-------- C:\Program Files\Canon
2007-07-04 16:44:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-04 16:35:16 0 d-------- C:\Program Files\Common Files\Canon
2007-07-04 16:35:06 0 d-a------ C:\Program Files\Common Files
2007-06-22 19:02:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_234.dat
2007-06-22 18:53:02 109753 --a------ C:\WINNT\hpoins11.dat
2007-06-22 18:52:47 0 d-------- C:\Program Files\Hewlett-Packard
2007-06-22 18:52:38 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-06-22 18:52:08 0 d-------- C:\Program Files\HP
2007-06-17 10:46:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_408.dat
2007-06-14 21:17:30 0 d-------- C:\Documents and Settings\Kevin\Application Data\Viewpoint
2007-06-11 23:32:11 0 d-------- C:\Program Files\Common Files\InstallShield
2007-06-10 17:57:15 0 d-------- C:\Program Files\AIM6
2007-06-07 22:32:24 0 d-------- C:\Documents and Settings\Kevin\Application Data\Apple Computer
2007-06-07 22:31:30 0 d-------- C:\Program Files\QuickTime
2007-06-07 04:16:22 0 d-------- C:\Documents and Settings\Kevin\Application Data\Adobe
2007-06-07 04:09:54 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-07 04:08:24 2914 --a------ C:\WINNT\mozver.dat
2007-06-03 1753 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4c0.dat
2007-05-31 23:13:47 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3d0.dat
2007-05-29 18:19:08 50176 --a------ C:\WINNT\system32\reg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-28 23:34:10 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_444.dat
2007-05-26 18:31:08 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_430.dat
2007-05-26 17:55:51 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4a8.dat
2007-05-26 17:45:46 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_bf4.dat
2007-05-23 09:00:01 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3cc.dat
2007-05-20 14:15:51 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_398.dat
2007-05-09 02:31:25 2528 --a------ C:\Documents and Settings\Kevin\Application Data\$_hpcst$.hpc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{857A461D-8D96-4996-A4A0-AEA0A2535B86}]
07/21/07 03:18p 31254 --------- C:\WINNT\system32\efcccdd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B233F9B9-8058-49FC-9386-E12FB2E207BC}]
07/21/07 03:23p 266336 --a------ C:\WINNT\system32\gebcd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
08/03/07 02:44a 69184 --a------ C:\WINNT\system32\qkydqqjm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINNT\system32\mobsync.exe]
"SoundMan"="SOUNDMAN.EXE" [11/17/06 05:42a C:\WINNT\soundman.exe]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/29/03 07:10a]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [09/10/03 03:11a]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/09/07 01:02a]
"CTHelper"="CTHELPER.EXE" [08/11/06 02:56p C:\WINNT\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [08/11/06 02:56p C:\WINNT\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/07 03:43a]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/09/07 06:53p]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [04/25/07 08:44a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/07 09:41a]
"mdioccrqwd"="c:\winnt\system32\mdioccrqwd.exe" [08/01/07 12:39p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [02/20/01 01:09p C:\WINNT\system32\CTFMON.EXE]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"@"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/06 12:35p]
"Aim6"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [03/12/07 01:49p]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/27/07 03:22p]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [05/25/05 12:12p]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{857A461D-8D96-4996-A4A0-AEA0A2535B86}"= C:\WINNT\system32\efcccdd.dll [07/21/07 03:18p 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcccdd]
efcccdd.dll 07/21/07 03:18p 31254 C:\WINNT\system32\efcccdd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcd]
C:\WINNT\system32\gebcd.dll 07/21/07 03:23p 266336 C:\WINNT\system32\gebcd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2007-08-06 at 21:31:42 ---------
Attached Files
File Type: txt extra.txt (15.1 KB, 0 views)