Thread: Help
08-07-2007, 09:16 AM   #1
wcoleman
Registered User
 
Join Date: Aug 2007
Posts: 9
OS: xp


Help

Could someone please help?


Deckard's System Scanner v20070804.61
Run by SERVICE DIRECTOR on 2007-08-07 at 10:52:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as SERVICE DIRECTOR.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:51 AM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\SERVICE DIRECTOR\Desktop\anti virus\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SERVICE DIRECTOR.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\efcddbc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {621CB9E4-F0B2-47DF-833C-F4CDAA925184} - C:\Program Files\MSN Gaming Zone\meso2.dll
O2 - BHO: (no name) - {68DFA3C0-332B-19FA-7C02-4DB67F3DF0CD} - (no file)
O2 - BHO: 0 - {8B3C74D6-15DB-48C7-B19D-91A04343B657} - C:\Program Files\Windows NT\qufaxy.dll (file missing)
O2 - BHO: (no name) - {C525B337-45F3-4F8E-A69F-908DA829A5B5} - C:\Program Files\MSN Gaming Zone\meso4444.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\xglbrdkh.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll (file missing)
O2 - BHO: (no name) - {F9D8BB38-3C69-4A70-8953-8C47DEB2CDF6} - C:\Program Files\MSN Gaming Zone\meso83122.dll (file missing)
O2 - BHO: (no name) - {FB6748C1-2752-4FD8-A75E-ABC3FAC209CA} - C:\WINDOWS\system32\ddaby.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WinCore32.exe] C:\WINDOWS\system32\WinCore32.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [DCOM Server 20509] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Microsoft\jqtwb.dll",run (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [irdmelt] 4E7.tmp (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: E-mail.lnk = ?
O4 - Global Startup: NETWORKLOGON.BAT
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: AdobeControl - http://www.lennoxdavenet.net/webdynp...obeControl.CAB
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://www.asdealernet.com/EBiz/App...Apps/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll
O20 - Winlogon Notify: ddaby - C:\WINDOWS\system32\ddaby.dll
O20 - Winlogon Notify: efcddbc - C:\WINDOWS\SYSTEM32\efcddbc.dll
O21 - SSODL: FyLIyVw - {583CE3E0-F296-494A-40FA-ADC075B474C2} - C:\WINDOWS\system32\kha.dll (file missing)
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\system32\pkuh.dll
O22 - SharedTaskScheduler: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\system32\pkuh.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crystal Query Server - Unknown owner - C:\Program Files\Seagate Software\Query Server\querysrv.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\lipjnaw.exe (file missing)

--
End of file - 8138 bytes

-- Files created between 2007-07-07 and 2007-08-07 -----------------------------

2007-08-07 10:53:17 0 d-------- C:\Program Files\Trend Micro
2007-08-07 10:45:57 2758 --a------ C:\WINDOWS\system32\windows_log_328680
2007-08-07 10:44:17 73376 --a------ C:\WINDOWS\system32\windows_log_328059
2007-08-07 10:35:38 84241 --a------ C:\WINDOWS\system32\windows_log_324438
2007-08-07 10:33:53 21312 --a------ C:\WINDOWS\choice.exe
2007-08-07 10:05:52 3250 --a------ C:\WINDOWS\system32\windows_log_303933
2007-08-07 09:53:07 204 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-08-07 09:53:07 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-08-07 09:47:46 8730 --a------ C:\WINDOWS\system32\windows_log_309235
2007-08-07 09:18:43 0 d-------- C:\ie-spyad
2007-08-07 09:15:42 0 d-------- C:\Program Files\SpywareBlaster
2007-08-07 09:07:30 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-07 08:34:30 67120 --a------ C:\WINDOWS\system32\windows_log_264434
2007-08-07 08:27:53 69184 --a------ C:\WINDOWS\system32\xglbrdkh.dll
2007-08-07 08:19:26 56345 --a------ C:\WINDOWS\system32\windows_log_279913
2007-08-06 17:18:06 61090 --a------ C:\WINDOWS\system32\windows_log_130515
2007-08-06 17:09:44 75366 --a------ C:\WINDOWS\system32\windows_log_94804
2007-08-06 16:25:11 0 d-------- C:\Program Files\Windows Defender
2007-08-06 16:13:15 55497 --a------ C:\WINDOWS\system32\windows_log_95217
2007-08-06 15:59:51 50361 --a------ C:\WINDOWS\system32\windows_log_113741
2007-08-06 15:52:39 0 d-------- C:\WINDOWS\network diagnostic
2007-08-06 15:51:28 53059 --a------ C:\WINDOWS\system32\windows_log_101592
2007-08-06 15:29:41 64342 --a------ C:\WINDOWS\system32\windows_log_6359
2007-08-06 13:43:15 27322 --a------ C:\WINDOWS\system32\windows_log_68012
2007-08-06 13:23:44 72137 --a------ C:\WINDOWS\system32\windows_log_34141
2007-08-06 10:45:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-06 09:40:56 0 d-------- C:\Documents and Settings\SERVICE DIRECTOR\Application Data\Grisoft
2007-08-06 08:14:37 0 --a------ C:\WINDOWS\tahtyemkme.exe
2007-08-06 08:14:29 1725075 ---hs---- C:\WINDOWS\system32\ybadd.bak2
2007-08-06 08:14:24 72731 --a------ C:\WINDOWS\jugjuygbt.exe
2007-08-03 18:07:20 48423 --a------ C:\WINDOWS\hntrguytr_exe.vir
2007-08-03 18:07:20 47140 --a------ C:\WINDOWS\esagtrhtr.exe
2007-08-03 17:59:13 0 --a------ C:\WINDOWS\system32\windows_log_0
2007-08-03 17:53:56 169984 --a------ C:\WINDOWS\system32\pkuh.dll
2007-08-03 17:53:18 20171 --a------ C:\WINDOWS\system32\21531871841.dll
2007-08-03 17:38:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2007-08-03 17:38:54 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2007-08-03 17:28:58 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMonitor
2007-08-03 17:28:54 79872 --a------ C:\WINDOWS\system32\drivers\FOPN.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2007-08-03 17:28:41 0 d-------- C:\Program Files\Common Files\WinAntiSpyware 2007
2007-08-03 17:28:39 0 d-------- C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
2007-08-03 17:27:37 6467 ---hs---- C:\WINDOWS\system32\ybadd.bak1
2007-08-03 17:27:18 228960 -----n--- C:\WINDOWS\system32\ddaby.dll
2007-08-03 17:24:18 169984 --a------ C:\WINDOWS\system32\qjwcee.dll
2007-08-03 17:24:18 20171 --a------ C:\WINDOWS\system32\21241849641.dll
2007-08-03 17:23:43 10 --a------ C:\WINDOWS\system32\kr_done1
2007-08-03 17:23:40 155648 --a------ C:\WINDOWS\system32\WinCore32.exe
2007-08-03 17:23:24 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-08-03 17:23:17 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-08-03 17:23:14 31681 --a------ C:\WINDOWS\system32\vedxga4m1et4.exe
2007-08-03 17:23:09 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2007-08-03 17:23:06 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2007-08-03 17:23:03 16384 --a------ C:\WINDOWS\system32\vedxga3me2.exe
2007-08-03 17:23:03 8705 --a------ C:\WINDOWS\system32\vedxg4am1et2.exe
2007-08-03 17:22:54 1174796 --a------ C:\Documents and Settings\NetworkService\Application Data\Install.dat
2007-08-03 17:22:54 1174796 --a------ C:\Documents and Settings\LocalService\Application Data\Install.dat
2007-08-03 17:22:53 9591 --a------ C:\WINDOWS\system32\dllh8jkd1q7.exe
2007-08-03 17:22:52 9591 --a------ C:\WINDOWS\system32\dllh8jkd1q6.exe
2007-08-03 17:22:52 0 d-------- C:\Program Files\?ystem
2007-08-03 17:22:51 9591 --a------ C:\WINDOWS\system32\dllh8jkd1q5.exe
2007-08-03 17:22:51 23927 --a------ C:\WINDOWS\system32\dllh8jkd1q2.exe
2007-08-03 17:22:50 6519 --a------ C:\WINDOWS\system32\dllh8jkd1q1.exe
2007-08-03 17:22:46 15 --a------ C:\WINDOWS\system32\dllh8jkd1q8.exe
2007-08-03 17:22:43 929 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-08-03 17:22:40 12289 --a------ C:\WINDOWS\system32\kernelwind32.exe
2007-08-03 17:22:31 169147 --a------ C:\WINDOWS\TTC-4444.exe
2007-08-03 17:22:26 30208 --a------ C:\WINDOWS\csrss.exe <Not Verified; TSoft; csrss>
2007-08-03 17:22:24 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-08-03 17:22:24 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-08-03 17:22:16 0 d-------- C:\WINDOWS\system32\b06FdUe
2007-08-03 17:22:16 536352 -r-hs---- C:\WINDOWS\lipjnawA.exe <Not Verified; System Service; System Monitor Service>
2007-08-03 17:22:10 0 d-------- C:\WINDOWS\system32\win
2007-08-03 17:22:10 0 d-------- C:\WINDOWS\system32\W3
2007-08-03 17:22:10 0 d-------- C:\WINDOWS\system32\E5
2007-08-03 17:22:10 0 d-------- C:\WINDOWS\system32\C9
2007-08-03 17:22:10 0 d-------- C:\WINDOWS\system32\C5
2007-08-03 17:22:10 0 d-------- C:\WINDOWS\system32\C3
2007-08-03 17:22:10 0 d-------- C:\WINDOWS\system32\C1
2007-08-03 17:22:07 31254 -----n--- C:\WINDOWS\system32\efcddbc.dll
2007-08-03 17:22:07 0 d-------- C:\WINDOWS\system32\b02FdUe
2007-08-03 17:22:07 0 d-------- C:\Temp
2007-07-17 11:27:12 56320 --a------ C:\WINDOWS\b122.exe


-- Find3M Report ---------------------------------------------------------------

2007-08-07 10:12:44 0 d-------- C:\Program Files\MSN Gaming Zone
2007-08-07 10:10:16 0 d-------- C:\Program Files\Messenger
2007-08-07 10:08:43 0 d-------- C:\Program Files\Digital Line Detect
2007-08-06 09:44:22 0 d-------- C:\Program Files\Windows NT
2007-08-06 09:11:47 0 d-------- C:\Program Files\Dell
2007-08-06 09:09:46 0 d-------- C:\Program Files\Common Files
2007-08-03 18:02:00 0 d-------- C:\Program Files\?ystem
2007-08-03 17:22:40 16 --a------ C:\Documents and Settings\SERVICE DIRECTOR\Application Data\.rdr.ini
2007-06-25 09:54:32 53248 --a------ C:\WINDOWS\uni_eh44.exe <Not Verified; ; uni_eh44.exe>
2007-06-25 09:53:26 53248 --a------ C:\WINDOWS\uninst1014.exe <Not Verified; ; uninst1016>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]
08/03/2007 05:22 PM 31254 --------- C:\WINDOWS\system32\efcddbc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{621CB9E4-F0B2-47DF-833C-F4CDAA925184}]
08/02/2007 09:43 AM 282624 --a------ C:\Program Files\MSN Gaming Zone\meso2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68DFA3C0-332B-19FA-7C02-4DB67F3DF0CD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B3C74D6-15DB-48C7-B19D-91A04343B657}]
C:\Program Files\Windows NT\qufaxy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C525B337-45F3-4F8E-A69F-908DA829A5B5}]
08/02/2007 09:43 AM 282624 --a------ C:\Program Files\MSN Gaming Zone\meso4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
08/07/2007 08:27 AM 69184 --a------ C:\WINDOWS\system32\xglbrdkh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9D8BB38-3C69-4A70-8953-8C47DEB2CDF6}]
C:\Program Files\MSN Gaming Zone\meso83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB6748C1-2752-4FD8-A75E-ABC3FAC209CA}]
08/03/2007 05:27 PM 228960 --------- C:\WINDOWS\system32\ddaby.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 09:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/07/2006 07:52 PM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 11:32 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Brave-Sentry"=C:\Program Files\BraveSentry\BraveSentry.exe
"WinPop"=C:\Program Files\WinPop\winpop.exe

C:\Documents and Settings\SERVICE DIRECTOR\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/7/2006 7:49:35 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"Wallpaper"=C:\WINDOWS\desktop.html

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304B20509}"= C:\WINDOWS\system32\pkuh.dll [08/03/2007 05:53 PM 169984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3964D8D6-86D0-493A-B460-A805B5401114}"= C:\WINDOWS\system32\efcddbc.dll [08/03/2007 05:22 PM 31254]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"FyLIyVw"= {583CE3E0-F296-494A-40FA-ADC075B474C2} - C:\WINDOWS\system32\kha.dll [ ]
"DCOM Server 20509"= {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\system32\pkuh.dll [08/03/2007 05:53 PM 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\botreg]
C:\Documents and Settings\All Users\Documents\Settings\bot.dll 08/03/2007 05:53 PM 12579 C:\Documents and Settings\All Users\Documents\Settings\bot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaby]
C:\WINDOWS\system32\ddaby.dll 08/03/2007 05:27 PM 228960 C:\WINDOWS\system32\ddaby.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcddbc]
efcddbc.dll 08/03/2007 05:22 PM 31254 C:\WINDOWS\system32\efcddbc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 01/12/2007 06:45 PM 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= c:\windows\system32\ldcore.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SERVICE DIRECTOR^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\SERVICE DIRECTOR\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SERVICE DIRECTOR^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\SERVICE DIRECTOR\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blwquest]
C:\WINDOWS\system32\schehwcq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brave-Sentry]
C:\Program Files\BraveSentry\BraveSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\certds]
C:\WINDOWS\system32\cncersh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cseswp]
ipsaaykr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dsiknd]
C:\WINDOWS\system32\nbkdms.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\rwintmdt.exe SKY009

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g4356cbvy63]
C:\WINDOWS\g4356cbvy63

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irdmelt]
comeclvh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ismdoc]
C:\WINDOWS\system32\schlfuot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jsispsl]
C:\WINDOWS\system32\jdnems.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lipjnawA]
C:\WINDOWS\lipjnawA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBInstall]
C:\DOCUME~1\SERVIC~1\LOCALS~1\Temp\MBDownloader_876919.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1]
C:\WINDOWS\system32\vedxg6ame4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
C:\WINDOWS\system32\kernelwind32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tyld]
"C:\Program Files\?ystem\?hkdsk.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uaol]
"C:\PROGRA~1\COMMON~1\ASEMBL~1\wuaclt.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.8.0\webbuying.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinCore32.exe]
C:\WINDOWS\system32\WinCore32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{CE-E3-3D-DF-ZN}]
c:\windows\system32\lsdsregr.exe SKY009

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Browser"=2 (0x2)
"BITS"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2007-08-07 at 10:54:37 ---------
Attached Files
File Type: txt Activescan.txt (17.6 KB, 0 views)
File Type: txt extra.txt (14.2 KB, 0 views)
File Type: txt main.txt (26.3 KB, 1 views)

Last edited by sUBs; 08-07-2007 at 09:56 AM.