08-13-2007, 04:11 PM   #7
sunshine863
OS: XP home edition


Re: help needed with Malware takeover

You guys are just terrific. Below is the log as requested, along with the attachment. I have also noticed that I can't use System Restore as there is a missing file - 'framedyn.dll'? Not sure if this is also part of this...
I'll look forward to your reply.
Cheers

********************************************************



Deckard's System Scanner v20070809.63
Run by Draha Pitner on 2007-08-14 at 07:42:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Draha Pitner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:47:16, on 14/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime Alternative\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Draha Pitner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Draha Pitner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Windows Update System Shell] svhostcs32.exe
O4 - HKLM\..\Run: [Windows Management] stmb32.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\RunServices: [Windows Update System Shell] svhostcs32.exe
O4 - HKLM\..\RunServices: [Windows Management] stmb32.exe
O4 - HKCU\..\Run: [Windows Management] stmb32.exe
O4 - HKCU\..\Run: [Windows Update System Shell] svhostcs32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [Windows Management] stmb32.exe (User '?')
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [Windows Update System Shell] svhostcs32.exe (User '?')
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User '?')
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [WebCamRT.exe] (User '?')
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S (User '?')
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe (User '?')
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Windows Update System Shell] svhostcs32.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Windows Update System Shell] svhostcs32.exe (User 'Default user')
O4 - S-1-5-21-2732481820-3784550950-147138153-1005 Startup: .protected (User '?')
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Cordless DUALphone Startup.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1158240005171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158277898062
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: wmpenv - {19E771C0-5F75-4691-8B1F-11855E532EF3} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {AAD1B5DF-F350-4664-A7C3-6525A1FF7634} - C:\WINDOWS\wmpconf.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 12102 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 ScFBPNT2 (CanoScan FBP2 Port Driver) - c:\windows\system32\drivers\scfbpnt2.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

4 NMIndexingService - c:\program files\common files\ahead\lib\nmindexingservice.exe (file missing)
2 RichVideo (Cyberlink RichVideo Service(CRVS)) - c:\program files\cyberlink\shared files\richvideo.exe
3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2007-09-16 16:40:11 436 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6D791AA4-65E9-479C-9BF6-2BA8647125D1}.job
2007-08-06 09:24:00 274 --a------ C:\WINDOWS\Tasks\Backup.job
2007-04-15 09:25:50 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-07-14 and 2007-08-14 -----------------------------

2007-08-14 07:46:41 0 d-------- C:\Program Files\Trend Micro
2007-08-13 19:09:38 0 d-------- C:\Program Files\SpywareBlaster
2007-08-13 15:49:29 0 d-------- C:\WINDOWS\privacy_danger
2007-08-13 07:29:56 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-12 16:03:13 0 d-------- C:\VundoFix Backups
2007-08-11 21:12:05 0 d-------- C:\Program Files\Enigma Software Group
2007-08-10 19:55:54 188416 --a------ C:\WINDOWS\wmpenv.dll <Not Verified; ; IEXPLORE>
2007-08-10 19:55:54 221184 --a------ C:\WINDOWS\wmpconf.dll
2007-08-10 19:55:53 188416 --a------ C:\WINDOWS\duocore.dll <Not Verified; ; BhoNew Module>
2007-08-10 19:54:34 0 d-------- C:\Program Files\VideoAccessCodec
2007-07-19 15:55:09 0 d-------- C:\etax2007


-- Find3M Report ---------------------------------------------------------------

2007-09-17 08:56:29 0 d-------- C:\Program Files\Java
2007-08-14 07:28:09 0 d-------- C:\Documents and Settings\Draha Pitner\Application Data\Skype
2007-08-13 17:19:49 0 d-------- C:\Program Files\QuickTime Alternative
2007-08-13 17:15:24 0 d-------- C:\Program Files\iTunes
2007-08-13 17:13:15 0 d-------- C:\Program Files\Cordless USB Phone
2007-08-13 17:10:46 0 d-------- C:\Program Files\BigFix
2007-08-13 08:50:16 0 d-------- C:\Program Files\Messenger
2007-08-11 19:32:39 2058849 --a------ C:\ieSpellSetup251106.exe
2007-07-11 19:17:36 0 d-------- C:\Documents and Settings\Draha Pitner\Application Data\Adobe
2007-07-09 14:04:53 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-05 20:40:45 0 d-------- C:\Program Files\UserZoom
2007-06-07 19:05:12 78992 --a----c- C:\Documents and Settings\Draha Pitner\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}]
10/08/2007 03:43 188416 --a------ C:\WINDOWS\duocore.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [15/10/2002 23:18]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [16/10/2002 17:05]
"CHotkey"="mHotkey.exe" [24/07/2002 05:09 C:\WINDOWS\mHotkey.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [08/10/2002 20:03]
"SoundMan"="SOUNDMAN.EXE" [15/04/2005 11:01 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [10/12/2002 17:54]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [28/07/2007 08:03]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [06/12/2005 12:08]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [24/11/2005 16:01]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [15/09/2006 13:21]
"Windows Update System Shell"="svhostcs32.exe" []
"Windows Management"="stmb32.exe" []
"NWEReboot"="" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [23/11/2006 15:10]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [05/12/2006 22:55]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 16:40]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [27/04/2007 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/06/2007 16:51]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [26/04/2007 16:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Management"="stmb32.exe" []
"Windows Update System Shell"="svhostcs32.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [14/07/2000 06:00]
"WebCamRT.exe"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 17:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/06/2006 13:32]
"Uniblue Registry Booster2"="C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe" []
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [18/05/2007 13:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Update System Shell"=svhostcs32.exe
"Windows Management"=stmb32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Update System Shell"=svhostcs32.exe
"Windows Management"=stmb32.exe

C:\Documents and Settings\Draha Pitner\Start Menu\Programs\Startup\
.protected [11/08/2007 19:52:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
.protected [11/08/2007 19:52:11]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [27/10/2006 15:41:14]
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [26/09/2006 20:19:53]
Cordless DUALphone Startup.lnk - C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe [15/09/2006 13:35:17]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 00:01:04]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmpenv"= {19E771C0-5F75-4691-8B1F-11855E532EF3} - C:\WINDOWS\wmpenv.dll [10/08/2007 03:43 188416]
"wmpconf"= {AAD1B5DF-F350-4664-A7C3-6525A1FF7634} - C:\WINDOWS\wmpconf.dll [10/08/2007 03:43 221184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-08-14 at 07:52:28 ---------
Attached file: extra.txt (12.1 KB)