Thread: Vundo Again
Old 12-04-2007, 04:27 AM   #1 (permalink)
mariuszca
Registered User
 
Join Date: Dec 2007
Posts: 4
OS: XP prof SP2



Hello,
My McAfee 8.0 found a Vundo infection about 2 weeks ago.
I used the Symantec Trojan.Vundo Removal Tool and Windows Worms Doors Cleaner to close ports, and everything seemed good until yesterday.

McAfee notified me:

2007-12-03 16:05:05 Usunięte ZARZĄDZANIE NT\SYSTEM svchost.exe C:\System Volume Information\_restore{95D5ED81-2D40-489E-8862-CD184F9A099D}\RP6\A0000834.dll Vundo (Koń trojański)
2007-12-03 18:35:44 Wersja aparatu skanowania = 5.2.00
2007-12-03 18:35:44 Wersja pliku DAT = 5176
2007-12-03 18:35:44 Liczba sygnatur wirusów w pliku EXTRA.DAT = Brak
2007-12-03 18:35:44 Nazwy wirusów, które można wykryć dzięki plikowi EXTRA.DAT = Brak
2007-12-03 19:07:13 Usunięte ZARZĄDZANIE NT\SYSTEM svchost.exe C:\System Volume Information\_restore{95D5ED81-2D40-489E-8862-CD184F9A099D}\RP6\A0000836.dll Vundo (Koń trojański)

My system is WinXP Prof SP2 with all updates from Microsoft; I have installed Spybot-SD too.
I did all 5 steps that you recommended.
Please help me with this.


main.txt
Deckard's System Scanner v20071014.68
Run by mariusz_User on 2007-12-04 11:51:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2007-12-04 10:51:36 UTC - RP9 - Deckard's System Scanner Restore Point
8: 2007-12-04 07:11:20 UTC - RP8 - Software Distribution Service 3.0
7: 2007-12-03 13:34:39 UTC - RP7 - Punkt kontrolny systemu
6: 2007-12-02 12:24:53 UTC - RP6 - Punkt kontrolny systemu
5: 2007-11-29 17:34:47 UTC - RP5 - Installed VPN Client


-- First Restore Point --
1: 2007-11-26 07:40:08 UTC - RP1 - Punkt kontrolny systemu


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as mariusz.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:22, on 2007-12-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Psi\psi.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\mariusz_User\Pulpit\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\mariusz_User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - (no file)
O2 - BHO: (no name) - {3ED74DAC-C3E9-45D4-950A-BDD8EF574F62} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [iyyuefcx] C:\ldckbrqw.bat
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NPDTRAY] C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Launcher.lnk = C:\Program Files\mariusz\sua.exe
O4 - Startup: Psi.lnk = C:\Program Files\Psi\psi.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe
O4 - Global Startup: Zasobnik programu McAfee Desktop Firewall.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B47CC56-1AD0-4994-8EE2-CFB0848E1467} (ProtektorEnroll Control) - https://ra.mariusz.pl/ProtEnroll.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194918740328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - AppInit_DLLs: msjt3032Patch.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

--
End of file - 9581 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FirePM (McAfee Desktop Firewall Policy Manager Driver) - c:\windows\system32\drivers\firepm.sys <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
R1 FireTDI (McAfee Desktop Firewall TDI Driver) - c:\windows\system32\drivers\firetdi.sys <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R2 FireHook (McAfee Desktop Firewall Network Driver) - c:\windows\system32\drivers\firehook.sys <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
R2 VMnetBridge (VMware Bridge Protocol) - c:\windows\system32\drivers\vmnetbridge.sys <Not Verified; VMware, Inc.; VMware bridge driver (32-bit)>
R2 VMnetuserif (VMware Network Application Interface) - c:\windows\system32\drivers\vmnetuserif.sys <Not Verified; VMware, Inc.; VMware network application interface driver (32-bit)>
R2 vmx86 (VMware vmx86) - c:\windows\system32\drivers\vmx86.sys <Not Verified; VMware, Inc.; VMware kernel driver>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 firelm01 - c:\windows\system32\drivers\firelm01.sys
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>

S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 acs (Atheros Configuration Service) - c:\windows\system32\acs.exe <Not Verified; Atheros; Atheros Configuration Service (ACS)>
R2 FireSvc (McAfee Desktop Firewall Service) - "c:\program files\network associates\mcafee desktop firewall dla windows xp\firesvc.exe" <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 SUService (System Update) - "c:\program files\lenovo\system update\suservice.exe" <Not Verified; Lenovo Group Limited; ThinkVantage System Update Service>
S4 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
S4 VMAuthdService (VMware Authorization Service) - c:\program files\vmware\vmware workstation\vmware-authd.exe <Not Verified; VMware, Inc.; VMware Workstation>
S4 VMnetDHCP (VMware DHCP Service) - c:\windows\system32\vmnetdhcp.exe <Not Verified; VMware, Inc.; VMware Workstation>
S4 VMware NAT Service - c:\windows\system32\vmnat.exe <Not Verified; VMware, Inc.; VMware Workstation>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
Description: Kontroler hosta Texas Instruments IEEE 1394 zgodny z OHCI
Device ID: PCI\VEN_104C&DEV_803A&SUBSYS_202E17AA&REV_00\4&6B16D5B&0&01F0
Manufacturer: Texas Instruments
Name: Kontroler hosta Texas Instruments IEEE 1394 zgodny z OHCI
PNP Device ID: PCI\VEN_104C&DEV_803A&SUBSYS_202E17AA&REV_00\4&6B16D5B&0&01F0
Service: ohci1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATM1200\4&38462492&0
Manufacturer:
Name:
PNP Device ID: ACPI\ATM1200\4&38462492&0
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2007-11-22 20:42:19 120 --a------ C:\WINDOWS\Tasks\Critical Battery Alarm Program.job
2007-11-22 11:20:10 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-11-19 10:24:17 314 --a------ C:\WINDOWS\Tasks\PMTask.job


-- Files created between 2007-11-04 and 2007-12-04 -----------------------------

2007-12-04 10:35:40 0 d-------- C:\ie-spyad_zo
2007-12-04 10:32:56 0 d-------- C:\Program Files\SpywareBlaster
2007-12-04 09:22:23 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-04 08:11:27 0 d-------- C:\WINDOWS\LastGood
2007-12-03 16:40:46 0 d-------- C:\Program Files\Trend Micro
2007-12-02 17:17:21 0 d--h----- C:\WINDOWS\PIF
2007-11-29 18:35:41 8 --a------ C:\WINDOWS\system32\success
2007-11-29 18:34:50 135168 --a------ C:\WINDOWS\system32\vpnapi.dll
2007-11-29 18:34:48 0 d-------- C:\Program Files\Common Files\Deterministic Networks
2007-11-29 14:29:07 0 d-------- C:\Program Files\HP Product Bulletin
2007-11-28 20:27:34 376923 --a------ C:\WINDOWS\system32\wgapi.dll <Not Verified; Atheros; Atheros GUI API Library>
2007-11-28 20:27:34 344156 --a------ C:\WINDOWS\system32\wcapiU.dll <Not Verified; Atheros; Atheros Client API Library>
2007-11-28 20:27:34 364629 --a------ C:\WINDOWS\system32\acs.exe <Not Verified; Atheros; Atheros Configuration Service (ACS)>
2007-11-28 20:27:33 393216 --a------ C:\WINDOWS\system32\wcapi.dll <Not Verified; Atheros; Atheros Client API Library>
2007-11-28 20:27:33 147456 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-11-28 20:27:33 90112 --a------ C:\WINDOWS\system32\oemres.dll <Not Verified; Atheros Communications, Inc.; oemres>
2007-11-28 20:27:33 651264 --a------ C:\WINDOWS\system32\libeay32.dll
2007-11-28 20:27:33 303199 --a------ C:\WINDOWS\system32\athcfg20U.dll <Not Verified; Atheros; Atheros Configuration API Dynamic Link Library>
2007-11-28 20:27:33 114792 --a------ C:\WINDOWS\system32\athcfg20resU.dll <Not Verified; Atheros Communications, Inc.; Atheros Configuration API Res Dynamic Link Library>
2007-11-28 20:27:33 114766 --a------ C:\WINDOWS\system32\athcfg20res.dll <Not Verified; Atheros Communications, Inc.; Atheros Configuration API Res Dynamic Link Library>
2007-11-28 20:27:33 237568 --a------ C:\WINDOWS\system32\athcfg20.dll <Not Verified; Atheros; Atheros Configuration API Dynamic Link Library>
2007-11-28 20:27:33 77824 --a------ C:\WINDOWS\system32\athcfg11res.dll <Not Verified; Atheros Communications, Inc.; Atheros Configuration API Res Dynamic Link Library>
2007-11-28 20:27:33 372736 --a------ C:\WINDOWS\system32\athcfg11.dll <Not Verified; Atheros; Atheros Configuration API Dynamic Link Library>
2007-11-28 20:26:39 249925 --a------ C:\WINDOWS\system32\wsimd.dll <Not Verified; Atheros Communications, Inc.; wsimd>
2007-11-28 20:26:39 254023 --a------ C:\WINDOWS\system32\wsfwDS.dll <Not Verified; Atheros Communications, Inc.; wsfwds>
2007-11-28 20:26:39 82017 -ra------ C:\WINDOWS\system32\dsaNac.dll <Not Verified; Devicescape, Inc.; Devicescape NAC Notify DLL>
2007-11-28 20:26:39 1257566 -ra------ C:\WINDOWS\system32\dsa.dll <Not Verified; Devicescape; Devicescape Windows WPA Supplicant (Core 0.4.3)>
2007-11-28 20:26:05 118784 --a------ C:\WINDOWS\system32\ATHCFG10.DLL <Not Verified; Atheros; Atheros Configuration API Dynamic Link Library>
2007-11-22 15:13:26 0 d-------- C:\LiteStep
2007-11-22 12:16:08 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-22 11:53:03 0 d-------- C:\Rustbfix
2007-11-22 11:11:06 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-11-22 11:11:06 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-11-22 11:11:06 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-11-22 11:11:06 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-22 11:11:06 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-22 11:11:03 0 d-------- C:\Program Files\Trojan Remover
2007-11-22 09:54:20 78238146 --a------ C:\rejestr15_11_2007.reg
2007-11-20 15:14:59 0 d-------- C:\Program Files\ABBYY FineReader 9.0
2007-11-20 14:21:52 0 d-------- C:\Program Files\English Translator 3
2007-11-20 14:15:09 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-20 08:44:50 0 d-------- C:\Program Files\MMTaskbar
2007-11-19 21:35:09 0 d-------- C:\WINDOWS\system32\NtmsData
2007-11-19 19:57:56 0 d-------- C:\VundoFix Backups
2007-11-19 18:16:41 78195 --a------ C:\WINDOWS\system32\hfetxifh.dll
2007-11-19 15:09:21 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-11-19 12:52:51 0 d-------- C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2007-11-19 12:20:35 44993 --a------ C:\nbhsamd.exe
2007-11-19 10:47:50 85056 --a------ C:\WINDOWS\system32\keoslgmo.dll
2007-11-19 10:47:44 77255 --a------ C:\WINDOWS\system32\diigbujh.dll
2007-11-18 12:07:39 0 d-------- C:\Program Files\Windows Defender
2007-11-17 1537 0 d-------- C:\Program Files\SkanerOnline
2007-11-17 07:08:19 0 d-------- C:\quarantine
2007-11-17 07:08:07 78195 --a------ C:\WINDOWS\system32\lehftguj.dll
2007-11-15 17:00:14 163896 --a------ C:\WINDOWS\sequencer.exe
2007-11-15 16:59:37 0 d-------- C:\Program Files\Sonic
2007-11-15 16:59:37 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-11-15 16:59:15 0 d-------- C:\WINDOWS\system32\DLA
2007-11-15 16:59:13 0 d-------- C:\Program Files\Multimedia Center for Think Offerings
2007-11-15 16:55:06 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-11-15 11:51:13 1264 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-15 11:49:52 0 d-------- C:\Program Files\PowerQuest
2007-11-15 10:22:45 0 d-------- C:\Program Files\Microsoft Bootvis
2007-11-15 08:18:05 0 d--h----- C:\WINDOWS\$hf_mig$
2007-11-14 18:49:54 0 d-------- C:\Program Files\Winamp
2007-11-14 15:52:26 0 d-------- C:\WINDOWS\Internet Logs
2007-11-14 15:47:36 0 d-------- C:\Program Files\Cisco Systems
2007-11-14 15:39:44 0 d-------- C:\WINDOWS\CCBAA1F7E5E148B29ED9A79C6A37CE78.TMP
2007-11-14 15:31:22 0 d-------- C:\WINDOWS\14FCFE7CAB86428A9D2EBFB6F5A7AA6E.TMP
2007-11-14 15:28:21 113596 --a------ C:\WINDOWS\system32\dneinobj.dll <Not Verified; Deterministic Networks, Inc.; >
2007-11-14 13:51:23 0 d-------- C:\Program Files\Mozilla Sunbird
2007-11-14 12:43:37 0 d-------- C:\Program Files\IBM Standalone Solutions Configuration Tool
2007-11-14 12:27:36 0 d-------- C:\IBM_config
2007-11-14 11:47:21 0 d-------- C:\FS_config
2007-11-14 11:46:43 0 d-------- C:\Program Files\MSXML 6.0
2007-11-14 11:42:48 0 d-------- C:\WINDOWS\system32\pl-pl
2007-11-14 11:40:12 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-14 11:38:38 0 d-------- C:\Trilogy
2007-11-14 11:38:38 0 d-------- C:\Program Files\Crystal Decisions
2007-11-14 11:38:38 0 d-------- C:\Program Files\Common Files\Crystal Decisions
2007-11-14 11:38:15 0 d-------- C:\Program Files\Java Web Start
2007-11-14 11:38:00 0 d-------- C:\Program Files\Java
2007-11-14 11:37:16 0 d-------- C:\WINDOWS\system32\LogFiles
2007-11-14 11:37:16 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-14 11:35:01 0 d-------- C:\WINDOWS\l2schemas
2007-11-14 11:33:32 0 d-------- C:\WINDOWS\network diagnostic
2007-11-14 11:32:21 0 d-------- C:\hp_config
2007-11-14 11:28:58 0 d-------- C:\WINDOWS\ServicePackFiles
2007-11-14 11:26:13 0 d-------- C:\Program Files\CrazyPug Software
2007-11-14 11:23:37 0 d-------- C:\Program Files\MSBuild
2007-11-14 11:20:47 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-11-14 11:20:02 0 d-------- C:\Program Files\Reference Assemblies
2007-11-14 11:08:35 0 d-------- C:\Program Files\HighMAT CD Writing Wizard
2007-11-14 1152 0 d-------- C:\WINDOWS\system32\URTTEMP
2007-11-14 10:59:15 0 d-------- C:\Program Files\AutoPatcher
2007-11-14 09:19:29 0 d-------- C:\Program Files\SubEdit-Player
2007-11-14 09:01:43 0 d-------- C:\Program Files\Psi
2007-11-14 08:35:04 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-11-14 08:34:55 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-11-14 08:34:53 0 d-------- C:\Program Files\Sony Ericsson
2007-11-14 08:34:43 0 d-------- C:\WINDOWS\Downloaded Installations
2007-11-13 19:51:02 188 --a------ C:\WINDOWS\x
2007-11-13 19:50:02 0 d-------- C:\Program Files\ThinkVantage
2007-11-13 19:49:23 16384 -----n--- C:\WINDOWS\PWMBTHLP.EXE
2007-11-13 19:49:22 4442 -----n--- C:\WINDOWS\system32\drivers\TPPWRIF.SYS
2007-11-13 18:59:31 0 d-------- C:\WINDOWS\system32\(null)
2007-11-13 18:59:25 0 d-------- C:\Program Files\Common Files\Lenovo
2007-11-13 18:15:59 53248 -----n--- C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2007-11-13 18:15:59 1285632 -----n--- C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2007-11-13 18:15:59 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2007-11-13 18:15:59 0 d-------- C:\Program Files\Analog Devices
2007-11-13 18:15:58 45056 -----n--- C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2007-11-13 14:59:31 0 d-------- C:\Program Files\Intel
2007-11-13 14:54:37 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-11-13 14:44:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-13 14:43:53 0 d-------- C:\Program Files\Lenovo
2007-11-13 14:32:16 0 d-------- C:\WINDOWS\system32\Lang
2007-11-13 14:31:53 0 d-------- C:\Intel
2007-11-13 14:21:49 0 d-------- C:\WINDOWS\system32\appmgmt
2007-11-13 13:56:22 58048 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
2007-11-13 13:56:21 108256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
2007-11-13 03:39:25 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-11-13 03:16:26 0 d-------- C:\Program Files\TrueCrypt
2007-11-13 02:47:09 0 d-------- C:\Program Files\MSXML 4.0
2007-11-13 02:40:59 0 d-------- C:\WINDOWS\pss
2007-11-13 02:40:23 1495552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
2007-11-13 02:17:53 0 d-------- C:\Program Files\Common Files\Cisco Systems


-- Find3M Report ---------------------------------------------------------------

2007-12-04 10:00:52 0 d-------- C:\Program Files\ThinkVantage Fingerprint Software
2007-12-04 09:52:10 0 d-------- C:\Program Files\Gadu-Gadu
2007-11-29 18:48:25 497126 --a------ C:\WINDOWS\system32\perfh015.dat
2007-11-29 18:48:25 88794 --a------ C:\WINDOWS\system32\perfc015.dat
2007-11-29 18:34:48 0 d-------- C:\Program Files\Common Files
2007-11-22 11:11:03 0 d-------- C:\Documents and Settings\mariusz_User\Dane aplikacji\Simply Super Software
2007-11-19 21:19:23 0 d-------- C:\Documents and Settings\mariusz_User\Dane aplikacji\Adobe
2007-11-19 15:18:49 0 d-------- C:\Documents and Settings\mariusz_User\Dane aplikacji\Grisoft
2007-11-19 12:55:22 0 d-------- C:\Documents and Settings\mariusz_User\Dane aplikacji\ABBYY
2007-11-18 18:18:50 0 d-------- C:\Documents and Settings\mariusz_User\Dane aplikacji\Sonic
2007-11-18 18:18:29 0 d-------- C:\Documents and Settings\mariusz_User\Dane aplikacji\Leadertech
2007-11-15 15:01:59 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-15 12:01:03 0 d-------- C:\Documents and Settings\mariusz_User\Dane aplikacji\Ahead
2007-11-14 18:50:07 0 d-------- C:\Documents and Settings\mariusz_User\Dane aplikacji\Winamp
2007-11-14 14:02:11 0 d-------- C:\Program Files\mariusz
2007-11-14 13:51:29 0 d-------- C:\Documents and Settings\mariusz_User\Dane aplikacji\Mozilla
2007-11-14 11:39:05 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-14 1109 0 d-------- C:\Program Files\Messenger
2007-11-14 10:12:43 0 d-------- C:\Documents and Settings\mariusz_User\Dane aplikacji\TrueCrypt
2007-11-14 08:40:29 0 d-------- C:\Documents and Settings\mariusz_User\Dane aplikacji\Teleca
2007-11-14 08:39:43 0 d-------- C:\Documents and Settings\mariusz_User\Dane aplikacji\Sony Ericsson
2007-11-13 19:51:05 0 d-------- C:\Program Files\ThinkPad
2007-11-13 03:46:51 0 d-------- C:\Documents and Settings\mariusz_User\Dane aplikacji\Thunderbird
2007-11-13 02:41:08 0 d-------- C:\Program Files\Network Associates
2007-11-13 02:41:08 0 d-------- C:\Program Files\Common Files\Network Associates


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ED74DAC-C3E9-45D4-950A-BDD8EF574F62}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2007-09-28 13:28 C:\WINDOWS\system32\TpShocks.exe]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [2007-03-08 16:48]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 03:06]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2004-02-19 12:07]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-21 01:19]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 14:49]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 02:33]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-21 01:19]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-03-23 02:02]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-22 11:08]
"iyyuefcx"="C:\ldckbrqw.bat" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"TrueCrypt"="C:\Program Files\TrueCrypt\TrueCrypt.exe" [2007-05-03 21:21]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"NPDTRAY"="C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe" [2007-04-10 03:03]

C:\Documents and Settings\mariusz_User\Menu Start\Programy\Autostart\
Launcher.lnk - C:\Program Files\mariusz\sua.exe [2002-02-28 13:31:46]
Psi.lnk - C:\Program Files\Psi\psi.exe [2006-01-11 14:54:54]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-11-29 18:34:50]
MultiMon Taskbar.lnk - C:\Program Files\MMTaskbar\MultiMon.exe [2007-11-20 08:44:50]
Zasobnik programu McAfee Desktop Firewall.lnk - C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe [2007-08-08 07:41:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-03-08 17:08 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 16:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-14 11:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=msjt3032Patch.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjh.dll
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^SBW-Autoupdate.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\SBW-Autoupdate.lnk
backup=C:\WINDOWS\pss\SBW-Autoupdate.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"TVT Scheduler"=2 (0x2)
"TPHDEXLGSVC"=2 (0x2)
"SUService"=2 (0x2)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"IBMPMSVC"=2 (0x2)
"btwdins"=2 (0x2)
"WinDefend"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a901a06b-9185-11dc-9257-005056c00008}]
AutoRun\command- K:\USBNB.exe

*Newly Created Service* - ENTDRV51



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7489 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-12-04 11:56:35 ------------
Attached Files
File Type: txt extra.txt (31.3 KB, 1 views)