01-19-2008, 11:49 AM   #1
polishsocca11
Registered User
 
Join Date: Jan 2008
Posts: 6
OS: xp


Need help removing "mm27nov[1].exe", and other

I seem to have caught a by the title above and although my Symantec antivirus catches and supposedly deletes it, it keeps re-appearing, usually paired with another .exe file such as 702595621.exe. Also getting pop-ups on Internet Explorer for the first time ever. I have 8 files located in my Symantec quarantine listed as downloaders and trojan.adclickers... I'm sure there's plenty more that the scan hasn't picked up. I attached the Panda scan text and extra text from dds. Here's the dds log:


Deckard's System Scanner v20071014.68
Run by Tomek on 2008-01-19 13:26:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-01-19 18:27:14 UTC - RP283 - Deckard's System Scanner Restore Point
1: 2008-01-18 19:55:37 UTC - RP282 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-19 13:31:18
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonNT.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\AOL\1163036108\ee\aolsoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Tomek\Local Settings\Temporary Internet Files\Content.IE5\AZGF9IJ2\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roadrunner.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\iphttphl2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1163036108\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [cjnr4r42986185] C:\WINDOWS\system32\cjnr4r42986185.exe
O4 - HKLM\..\Run: [nlkfev76087652] C:\WINDOWS\system32\nlkfev76087652.exe
O4 - HKLM\..\Run: [cjnr4r42192690] C:\WINDOWS\system32\cjnr4r42192690.exe
O4 - HKLM\..\Run: [cjnr4r43639770] C:\WINDOWS\system32\cjnr4r43639770.exe
O4 - HKLM\..\Run: [nlkfev72724542] C:\WINDOWS\system32\nlkfev72724542.exe
O4 - HKLM\..\Run: [cjnr4r476025] C:\WINDOWS\system32\cjnr4r476025.exe
O4 - HKLM\..\Run: [cjnr4r47663240] C:\WINDOWS\system32\cjnr4r47663240.exe
O4 - HKLM\..\Run: [cjnr4r41198495] C:\WINDOWS\system32\cjnr4r41198495.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dior4f43929931] C:\WINDOWS\system32\dior4f43929931.exe
O4 - HKLM\..\Run: [mlsdf8h3548229] C:\WINDOWS\system32\mlsdf8h3548229.exe
O4 - HKLM\..\Run: [cjnr4r42264435] C:\WINDOWS\system32\cjnr4r42264435.exe
O4 - HKLM\..\Run: [nlkfev79403662] C:\WINDOWS\system32\nlkfev79403662.exe
O4 - HKLM\..\Run: [cjnr4r42273260] C:\WINDOWS\system32\cjnr4r42273260.exe
O4 - HKLM\..\Run: [sklrr7y4712878] C:\WINDOWS\system32\sklrr7y4712878.exe
O4 - HKLM\..\Run: [dior4f47934371] C:\WINDOWS\system32\dior4f47934371.exe
O4 - HKLM\..\Run: [sklrr7y9546028] C:\WINDOWS\system32\sklrr7y9546028.exe
O4 - HKLM\..\Run: [nlkfev79015397] C:\WINDOWS\system32\nlkfev79015397.exe
O4 - HKLM\..\Run: [sklrr7y5688178] C:\WINDOWS\system32\sklrr7y5688178.exe
O4 - HKLM\..\Run: [sklrr7y2715978] C:\WINDOWS\system32\sklrr7y2715978.exe
O4 - HKLM\..\Run: [cjnr4r46193640] C:\WINDOWS\system32\cjnr4r46193640.exe
O4 - HKLM\..\Run: [nlkfev77533962] C:\WINDOWS\system32\nlkfev77533962.exe
O4 - HKLM\..\Run: [sklrr7y6312728] C:\WINDOWS\system32\sklrr7y6312728.exe
O4 - HKLM\..\Run: [cjnr4r43337735] C:\WINDOWS\system32\cjnr4r43337735.exe
O4 - HKLM\..\Run: [sklrr7y8168548] C:\WINDOWS\system32\sklrr7y8168548.exe
O4 - HKLM\..\Run: [sklrr7y1871983] C:\WINDOWS\system32\sklrr7y1871983.exe
O4 - HKLM\..\Run: [sklrr7y7508933] C:\WINDOWS\system32\sklrr7y7508933.exe
O4 - HKLM\..\Run: [nlkfev71825087] C:\WINDOWS\system32\nlkfev71825087.exe
O4 - HKLM\..\Run: [nlkfev73246982] C:\WINDOWS\system32\nlkfev73246982.exe
O4 - HKLM\..\Run: [dior4f47282931] C:\WINDOWS\system32\dior4f47282931.exe
O4 - HKLM\..\Run: [nlkfev75326202] C:\WINDOWS\system32\nlkfev75326202.exe
O4 - HKLM\..\Run: [mlsdf8h8887034] C:\WINDOWS\system32\mlsdf8h8887034.exe
O4 - HKLM\..\Run: [dior4f43695691] C:\WINDOWS\system32\dior4f43695691.exe
O4 - HKLM\..\Run: [nlkfev74649652] C:\WINDOWS\system32\nlkfev74649652.exe
O4 - HKLM\..\Run: [cjnr4r44112275] C:\WINDOWS\system32\cjnr4r44112275.exe
O4 - HKLM\..\Run: [sklrr7y2746243] C:\WINDOWS\system32\sklrr7y2746243.exe
O4 - HKLM\..\Run: [mlsdf8h1076759] C:\WINDOWS\system32\mlsdf8h1076759.exe
O4 - HKLM\..\Run: [cjnr4r43726670] C:\WINDOWS\system32\cjnr4r43726670.exe
O4 - HKLM\..\Run: [mlsdf8h2532124] C:\WINDOWS\system32\mlsdf8h2532124.exe
O4 - HKLM\..\Run: [cjnr4r44741090] C:\WINDOWS\system32\cjnr4r44741090.exe
O4 - HKLM\..\Run: [mlsdf8h7618944] C:\WINDOWS\system32\mlsdf8h7618944.exe
O4 - HKLM\..\Run: [mlsdf8h8742639] C:\WINDOWS\system32\mlsdf8h8742639.exe
O4 - HKLM\..\Run: [cjnr4r43416115] C:\WINDOWS\system32\cjnr4r43416115.exe
O4 - HKLM\..\Run: [cjnr4r47649280] C:\WINDOWS\system32\cjnr4r47649280.exe
O4 - HKLM\..\Run: [sklrr7y3730863] C:\WINDOWS\system32\sklrr7y3730863.exe
O4 - HKLM\..\Run: [cjnr4r43236485] C:\WINDOWS\system32\cjnr4r43236485.exe
O4 - HKLM\..\Run: [dior4f49385346] C:\WINDOWS\system32\dior4f49385346.exe
O4 - HKLM\..\Run: [sklrr7y6004428] C:\WINDOWS\system32\sklrr7y6004428.exe
O4 - HKLM\..\Run: [sklrr7y996773] C:\WINDOWS\system32\sklrr7y996773.exe
O4 - HKLM\..\Run: [sklrr7y1053608] C:\WINDOWS\system32\sklrr7y1053608.exe
O4 - HKLM\..\Run: [mlsdf8h7611949] C:\WINDOWS\system32\mlsdf8h7611949.exe
O4 - HKLM\..\Run: [cjnr4r497715] C:\WINDOWS\system32\cjnr4r497715.exe
O4 - HKLM\..\Run: [A2E1F63A] C:\WINDOWS\system32\nlkfev77134272.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000512.exe 61A847B5BBF72813329B385373FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C2832217339926033AAC
O4 - HKLM\..\Run: [troy44] C:\WINDOWS\troy44.exe
O4 - HKLM\..\Run: [Kernel32_sysdamper] C:\WINDOWS\system32\drivers\sysdamp.exe
O4 - HKLM\..\RunServices: [cjnr4r42986185] C:\WINDOWS\system32\cjnr4r42986185.exe
O4 - HKLM\..\RunServices: [nlkfev76087652] C:\WINDOWS\system32\nlkfev76087652.exe
O4 - HKLM\..\RunServices: [cjnr4r42192690] C:\WINDOWS\system32\cjnr4r42192690.exe
O4 - HKLM\..\RunServices: [cjnr4r43639770] C:\WINDOWS\system32\cjnr4r43639770.exe
O4 - HKLM\..\RunServices: [nlkfev72724542] C:\WINDOWS\system32\nlkfev72724542.exe
O4 - HKLM\..\RunServices: [cjnr4r476025] C:\WINDOWS\system32\cjnr4r476025.exe
O4 - HKLM\..\RunServices: [cjnr4r47663240] C:\WINDOWS\system32\cjnr4r47663240.exe
O4 - HKLM\..\RunServices: [cjnr4r41198495] C:\WINDOWS\system32\cjnr4r41198495.exe
O4 - HKLM\..\RunServices: [dior4f43929931] C:\WINDOWS\system32\dior4f43929931.exe
O4 - HKLM\..\RunServices: [mlsdf8h3548229] C:\WINDOWS\system32\mlsdf8h3548229.exe
O4 - HKLM\..\RunServices: [cjnr4r42264435] C:\WINDOWS\system32\cjnr4r42264435.exe
O4 - HKLM\..\RunServices: [nlkfev79403662] C:\WINDOWS\system32\nlkfev79403662.exe
O4 - HKLM\..\RunServices: [cjnr4r42273260] C:\WINDOWS\system32\cjnr4r42273260.exe
O4 - HKLM\..\RunServices: [sklrr7y4712878] C:\WINDOWS\system32\sklrr7y4712878.exe
O4 - HKLM\..\RunServices: [dior4f47934371] C:\WINDOWS\system32\dior4f47934371.exe
O4 - HKLM\..\RunServices: [sklrr7y9546028] C:\WINDOWS\system32\sklrr7y9546028.exe
O4 - HKLM\..\RunServices: [nlkfev79015397] C:\WINDOWS\system32\nlkfev79015397.exe
O4 - HKLM\..\RunServices: [sklrr7y5688178] C:\WINDOWS\system32\sklrr7y5688178.exe
O4 - HKLM\..\RunServices: [sklrr7y2715978] C:\WINDOWS\system32\sklrr7y2715978.exe
O4 - HKLM\..\RunServices: [cjnr4r46193640] C:\WINDOWS\system32\cjnr4r46193640.exe
O4 - HKLM\..\RunServices: [nlkfev77533962] C:\WINDOWS\system32\nlkfev77533962.exe
O4 - HKLM\..\RunServices: [sklrr7y6312728] C:\WINDOWS\system32\sklrr7y6312728.exe
O4 - HKLM\..\RunServices: [cjnr4r43337735] C:\WINDOWS\system32\cjnr4r43337735.exe
O4 - HKLM\..\RunServices: [sklrr7y8168548] C:\WINDOWS\system32\sklrr7y8168548.exe
O4 - HKLM\..\RunServices: [sklrr7y1871983] C:\WINDOWS\system32\sklrr7y1871983.exe
O4 - HKLM\..\RunServices: [sklrr7y7508933] C:\WINDOWS\system32\sklrr7y7508933.exe
O4 - HKLM\..\RunServices: [nlkfev71825087] C:\WINDOWS\system32\nlkfev71825087.exe
O4 - HKLM\..\RunServices: [nlkfev73246982] C:\WINDOWS\system32\nlkfev73246982.exe
O4 - HKLM\..\RunServices: [dior4f47282931] C:\WINDOWS\system32\dior4f47282931.exe
O4 - HKLM\..\RunServices: [nlkfev75326202] C:\WINDOWS\system32\nlkfev75326202.exe
O4 - HKLM\..\RunServices: [mlsdf8h8887034] C:\WINDOWS\system32\mlsdf8h8887034.exe
O4 - HKLM\..\RunServices: [dior4f43695691] C:\WINDOWS\system32\dior4f43695691.exe
O4 - HKLM\..\RunServices: [nlkfev74649652] C:\WINDOWS\system32\nlkfev74649652.exe
O4 - HKLM\..\RunServices: [cjnr4r44112275] C:\WINDOWS\system32\cjnr4r44112275.exe
O4 - HKLM\..\RunServices: [sklrr7y2746243] C:\WINDOWS\system32\sklrr7y2746243.exe
O4 - HKLM\..\RunServices: [mlsdf8h1076759] C:\WINDOWS\system32\mlsdf8h1076759.exe
O4 - HKLM\..\RunServices: [cjnr4r43726670] C:\WINDOWS\system32\cjnr4r43726670.exe
O4 - HKLM\..\RunServices: [mlsdf8h2532124] C:\WINDOWS\system32\mlsdf8h2532124.exe
O4 - HKLM\..\RunServices: [cjnr4r44741090] C:\WINDOWS\system32\cjnr4r44741090.exe
O4 - HKLM\..\RunServices: [mlsdf8h7618944] C:\WINDOWS\system32\mlsdf8h7618944.exe
O4 - HKLM\..\RunServices: [mlsdf8h8742639] C:\WINDOWS\system32\mlsdf8h8742639.exe
O4 - HKLM\..\RunServices: [cjnr4r43416115] C:\WINDOWS\system32\cjnr4r43416115.exe
O4 - HKLM\..\RunServices: [cjnr4r47649280] C:\WINDOWS\system32\cjnr4r47649280.exe
O4 - HKLM\..\RunServices: [sklrr7y3730863] C:\WINDOWS\system32\sklrr7y3730863.exe
O4 - HKLM\..\RunServices: [cjnr4r43236485] C:\WINDOWS\system32\cjnr4r43236485.exe
O4 - HKLM\..\RunServices: [dior4f49385346] C:\WINDOWS\system32\dior4f49385346.exe
O4 - HKLM\..\RunServices: [sklrr7y6004428] C:\WINDOWS\system32\sklrr7y6004428.exe
O4 - HKLM\..\RunServices: [sklrr7y996773] C:\WINDOWS\system32\sklrr7y996773.exe
O4 - HKLM\..\RunServices: [sklrr7y1053608] C:\WINDOWS\system32\sklrr7y1053608.exe
O4 - HKLM\..\RunServices: [mlsdf8h7611949] C:\WINDOWS\system32\mlsdf8h7611949.exe
O4 - HKLM\..\RunServices: [cjnr4r497715] C:\WINDOWS\system32\cjnr4r497715.exe
O4 - HKLM\..\RunServices: [A2E1F63A] C:\WINDOWS\system32\nlkfev77134272.exe
O4 - HKLM\..\RunOnce: [RemoveInstallPath] cmd.exe C:\WINDOWS\system32\cmd.exe /c rmdir /S /Q "C:\PROGRA~1\Dot1XCfg" > nul
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1200715576843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1200715543375
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonNT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
O23 - Service: Microsoft NAT Service (MSNAT) - Unknown owner - C:\WINDOWS\system32\msnat.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe service
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Print Spooler Service (uaijiteb5ooyei) - Unknown owner - C:\WINDOWS\system32\cjnr4r43236485.exe /service
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


--
End of file - 16530 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 SIODRV - c:\windows\system32\drivers\siodrv.sys <Not Verified; Intel Corporation; Intel(R) Active Monitor>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>
R3 smbusp (Intel(R) SMBus 2.0 Driver) - c:\windows\system32\drivers\smb.sys <Not Verified; Intel Corporation; Intel(R) SMBus Controller>

S3 dump_wmimmc - c:\ijji\english\gunbound revolution\gameguard\dump_wmimmc.sys (file missing)
S3 Jukebox3 - c:\windows\system32\drivers\ctpdusb.sys (file missing)
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel(R) iQVW32.SYS>
S3 npkcrypt - c:\program files\gravity\ro\npkcrypt.sys (file missing)
S3 npkycryp - c:\program files\gravity\ro\npkycryp.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 pxark - c:\windows\system32\drivers\pxark.sys <Not Verified; ; Prevx CSI>
S3 STEAMDVR - c:\program files\valve\steam\bin\x86\steamdvr.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 imonNT (Intel(R) Active Monitor) - c:\program files\intel\intel(r) active monitor\imonnt.exe <Not Verified; Intel Corp.; Intel(R) Active Monitor>

S2 Creative Service for CDROM Access - c:\windows\system32\ctsvccda.exe (file missing)
S2 FCI - c:\windows\system32\svchost.exe:ext.exe (file missing)
S2 MDM (Machine Debug Manager) - "c:\program files\common files\microsoft shared\vs7debug\mdm.exe" (file missing)
S2 MSNAT (Microsoft NAT Service) - "c:\windows\system32\msnat.exe" (file missing)
S2 Network Monitor - c:\program files\network monitor\netmon.exe service (file missing)
S2 uaijiteb5ooyei (Print Spooler Service) - c:\windows\system32\cjnr4r43236485.exe /service (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\4&29817089&0&10F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\4&29817089&0&10F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-01-19 13:00:01 256 --ah----- C:\WINDOWS\Tasks\AF20026B907BB563.job


-- Files created between 2007-12-19 and 2008-01-19 -----------------------------

2008-01-18 23:00:18 0 d-------- C:\Program Files\SpywareBlaster
2008-01-18 22:51:28 65 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2008-01-18 22:51:28 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2008-01-18 2105 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-18 2101 0 d-------- C:\WINDOWS\LastGood
2008-01-18 15:33:43 10624 --a------ C:\WINDOWS\system32\drivers\pxark.sys <Not Verified; ; Prevx CSI>
2008-01-18 15:33:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-18 15:33:33 0 d-------- C:\Documents and Settings\Tomek\Application Data\PrevxCSI
2008-01-15 14:37:34 2 --a------ C:\344788627
2008-01-15 14:37:33 258127 --a------ C:\WINDOWS\system32\sysdamp.exe
2008-01-15 14:37:24 54764 --a------ C:\WINDOWS\system32\dxdss.sys
2008-01-15 14:37:19 212008 --a------ C:\WINDOWS\system32\iphttphl2.dll
2008-01-15 14:37:19 58880 --a------ C:\uxgq.exe
2008-01-15 14:36:04 0 d-------- C:\WINDOWS\system32\edcA17
2008-01-11 17:54:34 0 d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2008-01-11 16:49:21 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-01-11 16:49:21 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-01-02 12:12:27 0 d-------- C:\Program Files\Temporary
2008-01-01 20:29:56 0 d-------- C:\Program Files\Helper
2008-01-01 20:29:06 54764 --a------ C:\WINDOWS\system32\xpdx.sys
2008-01-01 20:28:14 0 d-------- C:\WINDOWS\system32\ardCo17


-- Find3M Report ---------------------------------------------------------------

2008-01-18 22:24:36 0 d-------- C:\Program Files\Symantec AntiVirus
2008-01-18 22:14:57 0 d-------- C:\Program Files\Google
2008-01-18 22:12:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-18 22:09:21 0 d-------- C:\Program Files\AIM6
2008-01-18 20:59:45 0 d-------- C:\Program Files\Viewpoint
2008-01-11 17:54:50 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
01/18/2008 03:51 PM 15872 --a------ C:\Program Files\Helper\superfindout.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}]
01/18/2008 03:51 PM 15872 --a------ C:\Program Files\Helper\superfindout.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}]
01/15/2008 02:37 PM 212008 --a------ C:\WINDOWS\system32\iphttphl2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/12/2004 02:18 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/24/2006 02:24 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1163036108\ee\AOLSoftware.exe" [05/09/2006 07:24 PM]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 11:59 AM]
"cjnr4r42986185"="C:\WINDOWS\system32\cjnr4r42986185.exe" []
"nlkfev76087652"="C:\WINDOWS\system32\nlkfev76087652.exe" []
"cjnr4r42192690"="C:\WINDOWS\system32\cjnr4r42192690.exe" []
"cjnr4r43639770"="C:\WINDOWS\system32\cjnr4r43639770.exe" []
"nlkfev72724542"="C:\WINDOWS\system32\nlkfev72724542.exe" []
"cjnr4r476025"="C:\WINDOWS\system32\cjnr4r476025.exe" []
"cjnr4r47663240"="C:\WINDOWS\system32\cjnr4r47663240.exe" []
"cjnr4r41198495"="C:\WINDOWS\system32\cjnr4r41198495.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"dior4f43929931"="C:\WINDOWS\system32\dior4f43929931.exe" []
"mlsdf8h3548229"="C:\WINDOWS\system32\mlsdf8h3548229.exe" []
"cjnr4r42264435"="C:\WINDOWS\system32\cjnr4r42264435.exe" []
"nlkfev79403662"="C:\WINDOWS\system32\nlkfev79403662.exe" []
"cjnr4r42273260"="C:\WINDOWS\system32\cjnr4r42273260.exe" []
"sklrr7y4712878"="C:\WINDOWS\system32\sklrr7y4712878.exe" []
"dior4f47934371"="C:\WINDOWS\system32\dior4f47934371.exe" []
"sklrr7y9546028"="C:\WINDOWS\system32\sklrr7y9546028.exe" []
"nlkfev79015397"="C:\WINDOWS\system32\nlkfev79015397.exe" []
"sklrr7y5688178"="C:\WINDOWS\system32\sklrr7y5688178.exe" []
"sklrr7y2715978"="C:\WINDOWS\system32\sklrr7y2715978.exe" []
"cjnr4r46193640"="C:\WINDOWS\system32\cjnr4r46193640.exe" []
"nlkfev77533962"="C:\WINDOWS\system32\nlkfev77533962.exe" []
"sklrr7y6312728"="C:\WINDOWS\system32\sklrr7y6312728.exe" []
"cjnr4r43337735"="C:\WINDOWS\system32\cjnr4r43337735.exe" []
"sklrr7y8168548"="C:\WINDOWS\system32\sklrr7y8168548.exe" []
"sklrr7y1871983"="C:\WINDOWS\system32\sklrr7y1871983.exe" []
"sklrr7y7508933"="C:\WINDOWS\system32\sklrr7y7508933.exe" []
"nlkfev71825087"="C:\WINDOWS\system32\nlkfev71825087.exe" []
"nlkfev73246982"="C:\WINDOWS\system32\nlkfev73246982.exe" []
"dior4f47282931"="C:\WINDOWS\system32\dior4f47282931.exe" []
"nlkfev75326202"="C:\WINDOWS\system32\nlkfev75326202.exe" []
"mlsdf8h8887034"="C:\WINDOWS\system32\mlsdf8h8887034.exe" []
"dior4f43695691"="C:\WINDOWS\system32\dior4f43695691.exe" []
"nlkfev74649652"="C:\WINDOWS\system32\nlkfev74649652.exe" []
"cjnr4r44112275"="C:\WINDOWS\system32\cjnr4r44112275.exe" []
"sklrr7y2746243"="C:\WINDOWS\system32\sklrr7y2746243.exe" []
"mlsdf8h1076759"="C:\WINDOWS\system32\mlsdf8h1076759.exe" []
"cjnr4r43726670"="C:\WINDOWS\system32\cjnr4r43726670.exe" []
"mlsdf8h2532124"="C:\WINDOWS\system32\mlsdf8h2532124.exe" []
"cjnr4r44741090"="C:\WINDOWS\system32\cjnr4r44741090.exe" []
"mlsdf8h7618944"="C:\WINDOWS\system32\mlsdf8h7618944.exe" []
"mlsdf8h8742639"="C:\WINDOWS\system32\mlsdf8h8742639.exe" []
"cjnr4r43416115"="C:\WINDOWS\system32\cjnr4r43416115.exe" []
"cjnr4r47649280"="C:\WINDOWS\system32\cjnr4r47649280.exe" []
"sklrr7y3730863"="C:\WINDOWS\system32\sklrr7y3730863.exe" []
"cjnr4r43236485"="C:\WINDOWS\system32\cjnr4r43236485.exe" []
"dior4f49385346"="C:\WINDOWS\system32\dior4f49385346.exe" []
"sklrr7y6004428"="C:\WINDOWS\system32\sklrr7y6004428.exe" []
"sklrr7y996773"="C:\WINDOWS\system32\sklrr7y996773.exe" []
"sklrr7y1053608"="C:\WINDOWS\system32\sklrr7y1053608.exe" []
"mlsdf8h7611949"="C:\WINDOWS\system32\mlsdf8h7611949.exe" []
"cjnr4r497715"="C:\WINDOWS\system32\cjnr4r497715.exe" []
"A2E1F63A"="C:\WINDOWS\system32\nlkfev77134272.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"runner1"="C:\WINDOWS\mrofinu1000512.exe" []
"troy44"="C:\WINDOWS\troy44.exe" []
"Kernel32_sysdamper"="C:\WINDOWS\system32\drivers\sysdamp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2006 01:32 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/20/2007 04:45 PM]
"kernel"="C:\Program Files\kernel\kernel.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"RemoveInstallPath"=cmd.exe C:\WINDOWS\system32\cmd.exe /c rmdir /S /Q "C:\PROGRA~1\Dot1XCfg" > nul

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"cjnr4r42986185"=C:\WINDOWS\system32\cjnr4r42986185.exe
"nlkfev76087652"=C:\WINDOWS\system32\nlkfev76087652.exe
"cjnr4r42192690"=C:\WINDOWS\system32\cjnr4r42192690.exe
"cjnr4r43639770"=C:\WINDOWS\system32\cjnr4r43639770.exe
"nlkfev72724542"=C:\WINDOWS\system32\nlkfev72724542.exe
"cjnr4r476025"=C:\WINDOWS\system32\cjnr4r476025.exe
"cjnr4r47663240"=C:\WINDOWS\system32\cjnr4r47663240.exe
"cjnr4r41198495"=C:\WINDOWS\system32\cjnr4r41198495.exe
"dior4f43929931"=C:\WINDOWS\system32\dior4f43929931.exe
"mlsdf8h3548229"=C:\WINDOWS\system32\mlsdf8h3548229.exe
"cjnr4r42264435"=C:\WINDOWS\system32\cjnr4r42264435.exe
"nlkfev79403662"=C:\WINDOWS\system32\nlkfev79403662.exe
"cjnr4r42273260"=C:\WINDOWS\system32\cjnr4r42273260.exe
"sklrr7y4712878"=C:\WINDOWS\system32\sklrr7y4712878.exe
"dior4f47934371"=C:\WINDOWS\system32\dior4f47934371.exe
"sklrr7y9546028"=C:\WINDOWS\system32\sklrr7y9546028.exe
"nlkfev79015397"=C:\WINDOWS\system32\nlkfev79015397.exe
"sklrr7y5688178"=C:\WINDOWS\system32\sklrr7y5688178.exe
"sklrr7y2715978"=C:\WINDOWS\system32\sklrr7y2715978.exe
"cjnr4r46193640"=C:\WINDOWS\system32\cjnr4r46193640.exe
"nlkfev77533962"=C:\WINDOWS\system32\nlkfev77533962.exe
"sklrr7y6312728"=C:\WINDOWS\system32\sklrr7y6312728.exe
"cjnr4r43337735"=C:\WINDOWS\system32\cjnr4r43337735.exe
"sklrr7y8168548"=C:\WINDOWS\system32\sklrr7y8168548.exe
"sklrr7y1871983"=C:\WINDOWS\system32\sklrr7y1871983.exe
"sklrr7y7508933"=C:\WINDOWS\system32\sklrr7y7508933.exe
"nlkfev71825087"=C:\WINDOWS\system32\nlkfev71825087.exe
"nlkfev73246982"=C:\WINDOWS\system32\nlkfev73246982.exe
"dior4f47282931"=C:\WINDOWS\system32\dior4f47282931.exe
"nlkfev75326202"=C:\WINDOWS\system32\nlkfev75326202.exe
"mlsdf8h8887034"=C:\WINDOWS\system32\mlsdf8h8887034.exe
"dior4f43695691"=C:\WINDOWS\system32\dior4f43695691.exe
"nlkfev74649652"=C:\WINDOWS\system32\nlkfev74649652.exe
"cjnr4r44112275"=C:\WINDOWS\system32\cjnr4r44112275.exe
"sklrr7y2746243"=C:\WINDOWS\system32\sklrr7y2746243.exe
"mlsdf8h1076759"=C:\WINDOWS\system32\mlsdf8h1076759.exe
"cjnr4r43726670"=C:\WINDOWS\system32\cjnr4r43726670.exe
"mlsdf8h2532124"=C:\WINDOWS\system32\mlsdf8h2532124.exe
"cjnr4r44741090"=C:\WINDOWS\system32\cjnr4r44741090.exe
"mlsdf8h7618944"=C:\WINDOWS\system32\mlsdf8h7618944.exe
"mlsdf8h8742639"=C:\WINDOWS\system32\mlsdf8h8742639.exe
"cjnr4r43416115"=C:\WINDOWS\system32\cjnr4r43416115.exe
"cjnr4r47649280"=C:\WINDOWS\system32\cjnr4r47649280.exe
"sklrr7y3730863"=C:\WINDOWS\system32\sklrr7y3730863.exe
"cjnr4r43236485"=C:\WINDOWS\system32\cjnr4r43236485.exe
"dior4f49385346"=C:\WINDOWS\system32\dior4f49385346.exe
"sklrr7y6004428"=C:\WINDOWS\system32\sklrr7y6004428.exe
"sklrr7y996773"=C:\WINDOWS\system32\sklrr7y996773.exe
"sklrr7y1053608"=C:\WINDOWS\system32\sklrr7y1053608.exe
"mlsdf8h7611949"=C:\WINDOWS\system32\mlsdf8h7611949.exe
"cjnr4r497715"=C:\WINDOWS\system32\cjnr4r497715.exe
"A2E1F63A"=C:\WINDOWS\system32\nlkfev77134272.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\04cg0ryk.dll]
RUNDLL32.EXE 04cg0ryk.dll,b 12805156

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\64 CHIC FAST TRAY]
C:\Documents and Settings\All Users\Application Data\GLOBALDOG64CHIC\Hideamen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Biasheart]
C:\DOCUME~1\User\APPLIC~1\antielse\Onlinebashwin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CU1]
C:\Program Files\Common Files\VCClient\VCClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CU2]
C:\Program Files\Common Files\VCClient\VCMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\httskm]
C:\WINDOWS\system32\httskm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMONTRAY]
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
"C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SP2 Connection Patcher]
"C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
C:\Program Files\webHancer\Programs\whsurvey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsysupd]
C:\windows\winsysupd.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cc575c4-fb84-11d8-8e10-806d6172696f}]
AutoRun\command- E:\Setup.exe

*Newly Created Service* - GTNDIS5
*Newly Created Service* - RKPAVPROC



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.doubleclick.net
127.0.0.1 ad.preferances.com
127.0.0.1 ad.doubleclick.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.washingtonpost.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.infospace.com

687 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-19 13:33:54 ------------
Attached Files
File Type: txt extra.txt (24.6 KB, 2 views)
File Type: txt Activescan.txt (16.5 KB, 0 views)