Old 12-03-2007, 03:08 PM   #4 (permalink)
wildkingcobra
Registered User
 
 
Join Date: Dec 2007
Location: Sydney - Australia
Posts: 15
OS: XP SP2


Re: Help - Win32:SecBar-B, Win32:Tiny-JC, dday.dll

Hello TheBruce1
Firstly a huge THANK YOU for your willingness to help.

I downloaded the dss package and ran it. It came up with a few strange windows - it was trying to install my MYOB accounting package and was not able to find the install CDs (www.myob.com.au)... so I hit cancel on those windows and dss seemed to progress on its way. During its information collecting, the AVAST alarm went off with the following:
C:\windows\system32\gcgqcixc.exe
Win32:Tiny-JC
and a second time with
c:\windows\system32\unidskkt.dll
Win32:ConHook-CF

I moved these two items to the Avast CHEST.

The Deckard's Main.txt follows

Deckard's System Scanner v20071014.68
Run by SHS on 2007-12-04 08:47:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
110: 2007-12-03 21:47:38 UTC - RP110 - Deckard's System Scanner Restore Point
109: 2007-12-03 06:05:14 UTC - RP109 - System Checkpoint
108: 2007-12-02 00:20:44 UTC - RP108 - System Checkpoint
107: 2007-12-01 00:00:38 UTC - RP107 - Software Distribution Service 3.0
106: 2007-11-30 23:58:45 UTC - RP106 - System Checkpoint


-- First Restore Point --
1: 2007-11-29 06:55:52 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as SHS.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:04 AM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\SHS\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SHS.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - C:\WINDOWS\system32\khfccyy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9EC29433-05F3-4EEA-A92B-D67855471909} - C:\WINDOWS\system32\ddayy.dll
O2 - BHO: {2f7faf81-3504-df88-bfa4-d7b7351a0b1c} - {c1b0a153-7b7d-4afb-88fd-405318faf7f2} - C:\WINDOWS\system32\uflcgjjd.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [887f99b3] rundll32.exe "C:\WINDOWS\system32\sxvgvkwn.dll",b
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1188817036593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188817027671
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: khfccyy - C:\WINDOWS\SYSTEM32\khfccyy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--
End of file - 8154 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071202-200028-589 O4 - HKLM\..\Run: [887f99b3] rundll32.exe "C:\WINDOWS\system32\yypofmad.dll",b
backup-20071202-200123-284 O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ghttqchy.exe (file missing)

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes; CDRTools>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 DomainService - c:\windows\system32\ghttqchy.exe /service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-24 1035 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-04 and 2007-12-04 -----------------------------

2007-12-03 13:20:33 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-03 11:21:46 76864 --a------ C:\WINDOWS\system32\uflcgjjd.dll
2007-12-03 11:13:26 85056 --a------ C:\WINDOWS\system32\sxvgvkwn.dll
2007-12-02 11:43:28 78400 --a------ C:\WINDOWS\system32\tpdqxbix.dll
2007-12-02 11:41:28 85056 --a------ C:\WINDOWS\system32\yypofmad.dll
2007-12-02 11:39:54 0 --a------ C:\WINDOWS\system32\gcgqcixc.exe
2007-12-02 11:37:38 0 --a------ C:\WINDOWS\system32\uridskkt.dll
2007-12-02 11:00:19 71232 --a------ C:\WINDOWS\system32\rgwmgpsq.exe <Not Verified; ; DDC>
2007-12-01 16:17:44 0 d-------- C:\VundoFix Backups
2007-12-01 15:22:32 0 d-------- C:\Documents and Settings\SHS\Application Data\Grisoft
2007-12-01 15:22:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-01 15:10:24 0 d-------- C:\Program Files\Trend Micro
2007-12-01 14:39:19 0 dr-h----- C:\Documents and Settings\SHS\Recent
2007-12-01 1417 0 d-------- C:\Documents and Settings\SHS\.housecall6.6
2007-12-01 13:55:35 0 d-------- C:\WINDOWS\pss
2007-12-01 11:01:40 78912 --a------ C:\WINDOWS\system32\beqomain.dll
2007-11-29 19:25:37 0 d-------- C:\Documents and Settings\SHS\Application Data\DivX
2007-11-29 19:09:17 0 d-------- C:\Documents and Settings\All Users\Application Data\ALM
2007-11-29 19:08:11 0 d-------- C:\Program Files\Bonjour
2007-11-29 18:49:21 0 d-------- C:\WINDOWS\system32\appmgmt
2007-11-29 18:43:58 0 d-------- C:\Program Files\MagicISO
2007-11-29 17:55:41 190809 --ahs---- C:\WINDOWS\system32\yyadd.ini2
2007-11-29 17:55:36 333408 --a------ C:\WINDOWS\system32\ddayy.dll
2007-11-29 17:50:33 36352 --a------ C:\WINDOWS\system32\khfccyy.dll
2007-11-29 17:37:20 0 d-------- C:\Program Files\PowerISO
2007-11-29 17:24:09 0 d-------- C:\Program Files\DivX
2007-11-28 22:25:12 1353 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-11-27 19:25:13 0 d-------- C:\Program Files\eBay
2007-11-27 19:25:13 0 d-------- C:\Documents and Settings\All Users\eBay
2007-11-25 17:10:06 0 d-------- C:\Documents and Settings\SHS\Application Data\FileZilla
2007-11-25 17:09:38 0 d-------- C:\Program Files\FileZilla Client
2007-11-24 16:36:21 0 d-------- C:\Documents and Settings\SHS\Application Data\Easy Thumbnails
2007-11-24 16:36:14 0 d-------- C:\Program Files\Easy Thumbnails


-- Find3M Report ---------------------------------------------------------------

2007-12-04 08:50:37 0 d-------- C:\Documents and Settings\SHS\Application Data\Free Download Manager
2007-12-01 16:22:49 0 d-------- C:\Program Files\Free Download Manager
2007-11-29 21:33:11 0 d-------- C:\Documents and Settings\SHS\Application Data\Adobe
2007-11-29 19:08:06 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-27 19:26:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-25 20:22:30 0 d-------- C:\Documents and Settings\SHS\Application Data\gtk-2.0
2007-11-23 15:07:14 0 d-------- C:\Program Files\Powerbullet
2007-11-23 14:55:27 14317 --a------ C:\Program Files\Shower Therm Front 28c (211 x 451).jpg
2007-10-31 21:09:49 0 d-------- C:\Program Files\Common Files
2007-10-31 21:09:49 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-10-29 22:44:02 0 d-------- C:\Program Files\7-Zip
2007-10-27 12:37:01 0 d-------- C:\Documents and Settings\SHS\Application Data\Macromedia
2007-10-22 10:02:06 0 d-------- C:\Program Files\Java
2007-10-20 11:56:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 11:54:28 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-10-20 11:54:12 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-10-20 11:54:12 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-20 11:54:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-20 11:54:10 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-18 20:02:34 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-15 1621 1565 --a------ C:\WINDOWS\mozver.dat
2007-10-12 11:52:24 1044480 -ra------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9.2>
2007-10-12 11:52:24 49152 -ra------ C:\WINDOWS\system32\inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2007-10-09 11:48:59 0 d-------- C:\Program Files\Yahoo!
2007-10-07 17:49:13 0 d-------- C:\Program Files\MSXML 6.0
2007-10-06 20:52:06 0 d-------- C:\Program Files\Inkscape
2007-10-06 20:50:07 0 d-------- C:\Documents and Settings\SHS\Application Data\Bullzip
2007-10-06 20:49:27 0 d-------- C:\Program Files\Bullzip
2007-10-06 20:48:27 0 d-------- C:\Program Files\gs
2007-10-06 20:44:40 0 d-------- C:\Program Files\Acro Software
2007-09-26 12:12:34 200704 --a------ C:\WINDOWS\system32\bzpdf.dll <Not Verified; BullZip; BullZip PDF Writer>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{162C6BC2-E852-4D45-B139-E8A6737F1054}]
29/11/2007 05:50 PM 36352 --a------ C:\WINDOWS\system32\khfccyy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9EC29433-05F3-4EEA-A92B-D67855471909}]
29/11/2007 05:55 PM 333408 --a------ C:\WINDOWS\system32\ddayy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c1b0a153-7b7d-4afb-88fd-405318faf7f2}]
03/12/2007 11:21 AM 76864 --a------ C:\WINDOWS\system32\uflcgjjd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [28/11/2005 04:55 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [28/11/2005 04:52 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [28/11/2005 04:55 PM]
"RTHDCPL"="RTHDCPL.EXE" [14/11/2006 08:21 PM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 09:04 PM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 09:43 PM C:\WINDOWS\Alcmtr.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [26/10/2007 01:20 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 12:50 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 07:24 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [07/08/2007 11:05 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 08:25 PM]
"887f99b3"="C:\WINDOWS\system32\sxvgvkwn.dll" [03/12/2007 11:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [01/09/2007 12:13 AM]
"Free Upload Manager"="C:\Program Files\Free Download Manager\fum\fum.exe" [29/07/2007 09:13 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [3/08/2007 12:10:00 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{162C6BC2-E852-4D45-B139-E8A6737F1054}"= C:\WINDOWS\system32\khfccyy.dll [29/11/2007 05:50 PM 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfccyy]
khfccyy.dll 29/11/2007 05:50 PM 36352 C:\WINDOWS\system32\khfccyy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddayy.dll




-- End of Deckard's System Scanner: finished at 2007-12-04 08:51:18 ------------
Thanks a million in advance
wildkingcobra
Attached Files
File Type: txt extra.txt (16.1 KB, 2 views)