01-20-2008, 07:42 AM   #3
polishsocca11
OS: xp


Re: Need help removing "mm27nov[1].exe", and other

Hey, thanks for the quick reply. Everything seemed to go well with the scans; here are the results (report.txt, main.txt):


SDFix: Version 1.129

Run by Tomek on Sun 01/20/2008 at 09:00 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Tomek\Desktop\SDFix

Safe Mode:
Checking Services:

Name:
FCI
Network Monitor
uaijiteb5ooyei

Path:
C:\WINDOWS\system32\svchost.exe:ext.exe
C:\Program Files\Network Monitor\netmon.exe service
C:\WINDOWS\system32\cjnr4r43236485.exe /service

FCI - Deleted
Network Monitor - Deleted
uaijiteb5ooyei - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service mp32 - Deleted after Reboot
Service xpdx - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\344788~1 - Deleted
C:\Program Files\Helper\superfinderusa.dll - Deleted
C:\Program Files\Helper\superfindout.dll - Deleted
C:\Program Files\Temporary\kernInstall.exe - Deleted
C:\b?_log.txt - Deleted
C:\WINDOWS\Uninst2.htm - Deleted
C:\WINDOWS\Unist1.htm - Deleted
C:\WINDOWS\system32\xpdx.sys - Deleted
C:\WINDOWS\system32\dxdss.sys - Deleted



Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\Network Monitor - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Temp\abW9 - Removed
Folder C:\WINDOWS\system32\f02WtR - Removed
Folder C:\WINDOWS\system32\rMa17yy - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 09:29:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program glowny"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\K94TI1W3\\WoWMovieDownloader-EnUS[1].exe"="C:\\Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\K94TI1W3\\WoWMovieDownloader-EnUS[1].exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Warcraft III\\war3.exe"="C:\\Program Files\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\World of Warcraft\\WoW-1.6.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ilovepolishwomen\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\ilovepolishwomen\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.9.0.4937-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.9.0.4937-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Documents and Settings\\User\\My Documents\\Tomek's Folder\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\User\\My Documents\\Tomek's Folder\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ilovepolishwomen\\day of defeat\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\ilovepolishwomen\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\matt23375\\half-life\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\matt23375\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Diablo\\diablo.exe"="C:\\Program Files\\Diablo\\diablo.exe:*:Enabled:Diablo"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Documents and Settings\\User\\My Documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\User\\My Documents\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Tomek\\.limewire\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Tomek\\.limewire\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Tomek\\My Documents\\.limewire\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Tomek\\My Documents\\.limewire\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Tomek\\My Documents\\LimeWire\\.limewire\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Tomek\\My Documents\\LimeWire\\.limewire\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Tomek\\My Documents\\Tomeks Folder\\LimeWire\\.limewire\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Tomek\\My Documents\\Tomeks Folder\\LimeWire\\.limewire\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1163036108\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1163036108\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1163036108\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1163036108\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Tomek\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 26 Nov 2006 162 A..H. --- "C:\Program Files\QuickTime\~$qttask.exe"
Sun 26 Nov 2006 162 A..H. --- "C:\Program Files\Symantec AntiVirus\~$VPTray.exe"
Wed 13 Apr 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Nov 2006 162 A..H. --- "C:\Program Files\Common Files\AOL\Launch\~$llaunch.exe"
Sun 26 Nov 2006 162 A..H. --- "C:\Program Files\Java\jre1.5.0_06\bin\~$usched.exe"
Thu 9 Aug 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~10C.tmp"
Fri 17 Aug 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~11B.tmp"
Tue 10 Apr 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~12.tmp"
Fri 7 Sep 2007 215,040 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~15D.tmp"
Fri 10 Aug 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~2C.tmp"
Sun 22 Jul 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~40.tmp"
Mon 13 Aug 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~5A.tmp"
Mon 23 Jul 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~5C.tmp"
Sun 2 Sep 2007 214,528 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~5F.tmp"
Sat 21 Jul 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~641.tmp"
Sat 7 Apr 2007 122,880 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~723.tmp"
Sun 8 Apr 2007 122,880 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~8.tmp"
Sun 19 Aug 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~832.tmp"
Mon 20 Aug 2007 214,528 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~874.tmp"
Sat 11 Aug 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~9.tmp"
Tue 4 Sep 2007 214,528 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~A7.tmp"
Mon 16 Jul 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~D0.tmp"
Thu 16 Aug 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~D3.tmp"
Mon 9 Apr 2007 122,880 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Tomek\LOCALS~1\Temp\~F.tmp"

Finished!



Deckard's System Scanner v20071014.68
Run by Tomek on 2008-01-20 09:35:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-20 09:36:42
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonNT.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\AOL\1163036108\ee\aolsoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Tomek\Desktop\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roadrunner.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\iphttphl2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1163036108\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [cjnr4r42986185] C:\WINDOWS\system32\cjnr4r42986185.exe
O4 - HKLM\..\Run: [nlkfev76087652] C:\WINDOWS\system32\nlkfev76087652.exe
O4 - HKLM\..\Run: [cjnr4r42192690] C:\WINDOWS\system32\cjnr4r42192690.exe
O4 - HKLM\..\Run: [cjnr4r43639770] C:\WINDOWS\system32\cjnr4r43639770.exe
O4 - HKLM\..\Run: [nlkfev72724542] C:\WINDOWS\system32\nlkfev72724542.exe
O4 - HKLM\..\Run: [cjnr4r476025] C:\WINDOWS\system32\cjnr4r476025.exe
O4 - HKLM\..\Run: [cjnr4r47663240] C:\WINDOWS\system32\cjnr4r47663240.exe
O4 - HKLM\..\Run: [cjnr4r41198495] C:\WINDOWS\system32\cjnr4r41198495.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dior4f43929931] C:\WINDOWS\system32\dior4f43929931.exe
O4 - HKLM\..\Run: [mlsdf8h3548229] C:\WINDOWS\system32\mlsdf8h3548229.exe
O4 - HKLM\..\Run: [cjnr4r42264435] C:\WINDOWS\system32\cjnr4r42264435.exe
O4 - HKLM\..\Run: [nlkfev79403662] C:\WINDOWS\system32\nlkfev79403662.exe
O4 - HKLM\..\Run: [cjnr4r42273260] C:\WINDOWS\system32\cjnr4r42273260.exe
O4 - HKLM\..\Run: [sklrr7y4712878] C:\WINDOWS\system32\sklrr7y4712878.exe
O4 - HKLM\..\Run: [dior4f47934371] C:\WINDOWS\system32\dior4f47934371.exe
O4 - HKLM\..\Run: [sklrr7y9546028] C:\WINDOWS\system32\sklrr7y9546028.exe
O4 - HKLM\..\Run: [nlkfev79015397] C:\WINDOWS\system32\nlkfev79015397.exe
O4 - HKLM\..\Run: [sklrr7y5688178] C:\WINDOWS\system32\sklrr7y5688178.exe
O4 - HKLM\..\Run: [sklrr7y2715978] C:\WINDOWS\system32\sklrr7y2715978.exe
O4 - HKLM\..\Run: [cjnr4r46193640] C:\WINDOWS\system32\cjnr4r46193640.exe
O4 - HKLM\..\Run: [nlkfev77533962] C:\WINDOWS\system32\nlkfev77533962.exe
O4 - HKLM\..\Run: [sklrr7y6312728] C:\WINDOWS\system32\sklrr7y6312728.exe
O4 - HKLM\..\Run: [cjnr4r43337735] C:\WINDOWS\system32\cjnr4r43337735.exe
O4 - HKLM\..\Run: [sklrr7y8168548] C:\WINDOWS\system32\sklrr7y8168548.exe
O4 - HKLM\..\Run: [sklrr7y1871983] C:\WINDOWS\system32\sklrr7y1871983.exe
O4 - HKLM\..\Run: [sklrr7y7508933] C:\WINDOWS\system32\sklrr7y7508933.exe
O4 - HKLM\..\Run: [nlkfev71825087] C:\WINDOWS\system32\nlkfev71825087.exe
O4 - HKLM\..\Run: [nlkfev73246982] C:\WINDOWS\system32\nlkfev73246982.exe
O4 - HKLM\..\Run: [dior4f47282931] C:\WINDOWS\system32\dior4f47282931.exe
O4 - HKLM\..\Run: [nlkfev75326202] C:\WINDOWS\system32\nlkfev75326202.exe
O4 - HKLM\..\Run: [mlsdf8h8887034] C:\WINDOWS\system32\mlsdf8h8887034.exe
O4 - HKLM\..\Run: [dior4f43695691] C:\WINDOWS\system32\dior4f43695691.exe
O4 - HKLM\..\Run: [nlkfev74649652] C:\WINDOWS\system32\nlkfev74649652.exe
O4 - HKLM\..\Run: [cjnr4r44112275] C:\WINDOWS\system32\cjnr4r44112275.exe
O4 - HKLM\..\Run: [sklrr7y2746243] C:\WINDOWS\system32\sklrr7y2746243.exe
O4 - HKLM\..\Run: [mlsdf8h1076759] C:\WINDOWS\system32\mlsdf8h1076759.exe
O4 - HKLM\..\Run: [cjnr4r43726670] C:\WINDOWS\system32\cjnr4r43726670.exe
O4 - HKLM\..\Run: [mlsdf8h2532124] C:\WINDOWS\system32\mlsdf8h2532124.exe
O4 - HKLM\..\Run: [cjnr4r44741090] C:\WINDOWS\system32\cjnr4r44741090.exe
O4 - HKLM\..\Run: [mlsdf8h7618944] C:\WINDOWS\system32\mlsdf8h7618944.exe
O4 - HKLM\..\Run: [mlsdf8h8742639] C:\WINDOWS\system32\mlsdf8h8742639.exe
O4 - HKLM\..\Run: [cjnr4r43416115] C:\WINDOWS\system32\cjnr4r43416115.exe
O4 - HKLM\..\Run: [cjnr4r47649280] C:\WINDOWS\system32\cjnr4r47649280.exe
O4 - HKLM\..\Run: [sklrr7y3730863] C:\WINDOWS\system32\sklrr7y3730863.exe
O4 - HKLM\..\Run: [cjnr4r43236485] C:\WINDOWS\system32\cjnr4r43236485.exe
O4 - HKLM\..\Run: [dior4f49385346] C:\WINDOWS\system32\dior4f49385346.exe
O4 - HKLM\..\Run: [sklrr7y6004428] C:\WINDOWS\system32\sklrr7y6004428.exe
O4 - HKLM\..\Run: [sklrr7y996773] C:\WINDOWS\system32\sklrr7y996773.exe
O4 - HKLM\..\Run: [sklrr7y1053608] C:\WINDOWS\system32\sklrr7y1053608.exe
O4 - HKLM\..\Run: [mlsdf8h7611949] C:\WINDOWS\system32\mlsdf8h7611949.exe
O4 - HKLM\..\Run: [cjnr4r497715] C:\WINDOWS\system32\cjnr4r497715.exe
O4 - HKLM\..\Run: [A2E1F63A] C:\WINDOWS\system32\nlkfev77134272.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [troy44] C:\WINDOWS\troy44.exe
O4 - HKLM\..\Run: [Kernel32_sysdamper] C:\WINDOWS\system32\drivers\sysdamp.exe
O4 - HKLM\..\RunServices: [cjnr4r42986185] C:\WINDOWS\system32\cjnr4r42986185.exe
O4 - HKLM\..\RunServices: [nlkfev76087652] C:\WINDOWS\system32\nlkfev76087652.exe
O4 - HKLM\..\RunServices: [cjnr4r42192690] C:\WINDOWS\system32\cjnr4r42192690.exe
O4 - HKLM\..\RunServices: [cjnr4r43639770] C:\WINDOWS\system32\cjnr4r43639770.exe
O4 - HKLM\..\RunServices: [nlkfev72724542] C:\WINDOWS\system32\nlkfev72724542.exe
O4 - HKLM\..\RunServices: [cjnr4r476025] C:\WINDOWS\system32\cjnr4r476025.exe
O4 - HKLM\..\RunServices: [cjnr4r47663240] C:\WINDOWS\system32\cjnr4r47663240.exe
O4 - HKLM\..\RunServices: [cjnr4r41198495] C:\WINDOWS\system32\cjnr4r41198495.exe
O4 - HKLM\..\RunServices: [dior4f43929931] C:\WINDOWS\system32\dior4f43929931.exe
O4 - HKLM\..\RunServices: [mlsdf8h3548229] C:\WINDOWS\system32\mlsdf8h3548229.exe
O4 - HKLM\..\RunServices: [cjnr4r42264435] C:\WINDOWS\system32\cjnr4r42264435.exe
O4 - HKLM\..\RunServices: [nlkfev79403662] C:\WINDOWS\system32\nlkfev79403662.exe
O4 - HKLM\..\RunServices: [cjnr4r42273260] C:\WINDOWS\system32\cjnr4r42273260.exe
O4 - HKLM\..\RunServices: [sklrr7y4712878] C:\WINDOWS\system32\sklrr7y4712878.exe
O4 - HKLM\..\RunServices: [dior4f47934371] C:\WINDOWS\system32\dior4f47934371.exe
O4 - HKLM\..\RunServices: [sklrr7y9546028] C:\WINDOWS\system32\sklrr7y9546028.exe
O4 - HKLM\..\RunServices: [nlkfev79015397] C:\WINDOWS\system32\nlkfev79015397.exe
O4 - HKLM\..\RunServices: [sklrr7y5688178] C:\WINDOWS\system32\sklrr7y5688178.exe
O4 - HKLM\..\RunServices: [sklrr7y2715978] C:\WINDOWS\system32\sklrr7y2715978.exe
O4 - HKLM\..\RunServices: [cjnr4r46193640] C:\WINDOWS\system32\cjnr4r46193640.exe
O4 - HKLM\..\RunServices: [nlkfev77533962] C:\WINDOWS\system32\nlkfev77533962.exe
O4 - HKLM\..\RunServices: [sklrr7y6312728] C:\WINDOWS\system32\sklrr7y6312728.exe
O4 - HKLM\..\RunServices: [cjnr4r43337735] C:\WINDOWS\system32\cjnr4r43337735.exe
O4 - HKLM\..\RunServices: [sklrr7y8168548] C:\WINDOWS\system32\sklrr7y8168548.exe
O4 - HKLM\..\RunServices: [sklrr7y1871983] C:\WINDOWS\system32\sklrr7y1871983.exe
O4 - HKLM\..\RunServices: [sklrr7y7508933] C:\WINDOWS\system32\sklrr7y7508933.exe
O4 - HKLM\..\RunServices: [nlkfev71825087] C:\WINDOWS\system32\nlkfev71825087.exe
O4 - HKLM\..\RunServices: [nlkfev73246982] C:\WINDOWS\system32\nlkfev73246982.exe
O4 - HKLM\..\RunServices: [dior4f47282931] C:\WINDOWS\system32\dior4f47282931.exe
O4 - HKLM\..\RunServices: [nlkfev75326202] C:\WINDOWS\system32\nlkfev75326202.exe
O4 - HKLM\..\RunServices: [mlsdf8h8887034] C:\WINDOWS\system32\mlsdf8h8887034.exe
O4 - HKLM\..\RunServices: [dior4f43695691] C:\WINDOWS\system32\dior4f43695691.exe
O4 - HKLM\..\RunServices: [nlkfev74649652] C:\WINDOWS\system32\nlkfev74649652.exe
O4 - HKLM\..\RunServices: [cjnr4r44112275] C:\WINDOWS\system32\cjnr4r44112275.exe
O4 - HKLM\..\RunServices: [sklrr7y2746243] C:\WINDOWS\system32\sklrr7y2746243.exe
O4 - HKLM\..\RunServices: [mlsdf8h1076759] C:\WINDOWS\system32\mlsdf8h1076759.exe
O4 - HKLM\..\RunServices: [cjnr4r43726670] C:\WINDOWS\system32\cjnr4r43726670.exe
O4 - HKLM\..\RunServices: [mlsdf8h2532124] C:\WINDOWS\system32\mlsdf8h2532124.exe
O4 - HKLM\..\RunServices: [cjnr4r44741090] C:\WINDOWS\system32\cjnr4r44741090.exe
O4 - HKLM\..\RunServices: [mlsdf8h7618944] C:\WINDOWS\system32\mlsdf8h7618944.exe
O4 - HKLM\..\RunServices: [mlsdf8h8742639] C:\WINDOWS\system32\mlsdf8h8742639.exe
O4 - HKLM\..\RunServices: [cjnr4r43416115] C:\WINDOWS\system32\cjnr4r43416115.exe
O4 - HKLM\..\RunServices: [cjnr4r47649280] C:\WINDOWS\system32\cjnr4r47649280.exe
O4 - HKLM\..\RunServices: [sklrr7y3730863] C:\WINDOWS\system32\sklrr7y3730863.exe
O4 - HKLM\..\RunServices: [cjnr4r43236485] C:\WINDOWS\system32\cjnr4r43236485.exe
O4 - HKLM\..\RunServices: [dior4f49385346] C:\WINDOWS\system32\dior4f49385346.exe
O4 - HKLM\..\RunServices: [sklrr7y6004428] C:\WINDOWS\system32\sklrr7y6004428.exe
O4 - HKLM\..\RunServices: [sklrr7y996773] C:\WINDOWS\system32\sklrr7y996773.exe
O4 - HKLM\..\RunServices: [sklrr7y1053608] C:\WINDOWS\system32\sklrr7y1053608.exe
O4 - HKLM\..\RunServices: [mlsdf8h7611949] C:\WINDOWS\system32\mlsdf8h7611949.exe
O4 - HKLM\..\RunServices: [cjnr4r497715] C:\WINDOWS\system32\cjnr4r497715.exe
O4 - HKLM\..\RunServices: [A2E1F63A] C:\WINDOWS\system32\nlkfev77134272.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1200715576843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1200715543375
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonNT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
O23 - Service: Microsoft NAT Service (MSNAT) - Unknown owner - C:\WINDOWS\system32\msnat.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


--
End of file - 15481 bytes

-- Files created between 2007-12-20 and 2008-01-20 -----------------------------

2008-01-20 08:59:22 0 d-------- C:\WINDOWS\ERUNT
2008-01-18 23:00:18 0 d-------- C:\Program Files\SpywareBlaster
2008-01-18 2105 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-18 15:33:43 10624 --a------ C:\WINDOWS\system32\drivers\pxark.sys <Not Verified; ; Prevx CSI>
2008-01-18 15:33:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-18 15:33:33 0 d-------- C:\Documents and Settings\Tomek\Application Data\PrevxCSI
2008-01-15 14:37:33 258127 --a------ C:\WINDOWS\system32\sysdamp.exe
2008-01-15 14:37:19 212008 --a------ C:\WINDOWS\system32\iphttphl2.dll
2008-01-15 14:37:19 58880 --a------ C:\uxgq.exe
2008-01-15 14:36:04 0 d-------- C:\WINDOWS\system32\edcA17
2008-01-11 17:54:34 0 d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2008-01-11 16:49:21 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-01-11 16:49:21 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-01-01 20:28:14 0 d-------- C:\WINDOWS\system32\ardCo17


-- Find3M Report ---------------------------------------------------------------

2008-01-20 09:25:26 0 d-------- C:\Program Files\Symantec AntiVirus
2008-01-18 22:14:57 0 d-------- C:\Program Files\Google
2008-01-18 22:12:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-18 22:09:21 0 d-------- C:\Program Files\AIM6
2008-01-18 20:59:45 0 d-------- C:\Program Files\Viewpoint
2008-01-11 17:54:50 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}]
01/15/2008 02:37 PM 212008 --a------ C:\WINDOWS\system32\iphttphl2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/12/2004 02:18 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/24/2006 02:24 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1163036108\ee\AOLSoftware.exe" [05/09/2006 07:24 PM]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 11:59 AM]
"cjnr4r42986185"="C:\WINDOWS\system32\cjnr4r42986185.exe" []
"nlkfev76087652"="C:\WINDOWS\system32\nlkfev76087652.exe" []
"cjnr4r42192690"="C:\WINDOWS\system32\cjnr4r42192690.exe" []
"cjnr4r43639770"="C:\WINDOWS\system32\cjnr4r43639770.exe" []
"nlkfev72724542"="C:\WINDOWS\system32\nlkfev72724542.exe" []
"cjnr4r476025"="C:\WINDOWS\system32\cjnr4r476025.exe" []
"cjnr4r47663240"="C:\WINDOWS\system32\cjnr4r47663240.exe" []
"cjnr4r41198495"="C:\WINDOWS\system32\cjnr4r41198495.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"dior4f43929931"="C:\WINDOWS\system32\dior4f43929931.exe" []
"mlsdf8h3548229"="C:\WINDOWS\system32\mlsdf8h3548229.exe" []
"cjnr4r42264435"="C:\WINDOWS\system32\cjnr4r42264435.exe" []
"nlkfev79403662"="C:\WINDOWS\system32\nlkfev79403662.exe" []
"cjnr4r42273260"="C:\WINDOWS\system32\cjnr4r42273260.exe" []
"sklrr7y4712878"="C:\WINDOWS\system32\sklrr7y4712878.exe" []
"dior4f47934371"="C:\WINDOWS\system32\dior4f47934371.exe" []
"sklrr7y9546028"="C:\WINDOWS\system32\sklrr7y9546028.exe" []
"nlkfev79015397"="C:\WINDOWS\system32\nlkfev79015397.exe" []
"sklrr7y5688178"="C:\WINDOWS\system32\sklrr7y5688178.exe" []
"sklrr7y2715978"="C:\WINDOWS\system32\sklrr7y2715978.exe" []
"cjnr4r46193640"="C:\WINDOWS\system32\cjnr4r46193640.exe" []
"nlkfev77533962"="C:\WINDOWS\system32\nlkfev77533962.exe" []
"sklrr7y6312728"="C:\WINDOWS\system32\sklrr7y6312728.exe" []
"cjnr4r43337735"="C:\WINDOWS\system32\cjnr4r43337735.exe" []
"sklrr7y8168548"="C:\WINDOWS\system32\sklrr7y8168548.exe" []
"sklrr7y1871983"="C:\WINDOWS\system32\sklrr7y1871983.exe" []
"sklrr7y7508933"="C:\WINDOWS\system32\sklrr7y7508933.exe" []
"nlkfev71825087"="C:\WINDOWS\system32\nlkfev71825087.exe" []
"nlkfev73246982"="C:\WINDOWS\system32\nlkfev73246982.exe" []
"dior4f47282931"="C:\WINDOWS\system32\dior4f47282931.exe" []
"nlkfev75326202"="C:\WINDOWS\system32\nlkfev75326202.exe" []
"mlsdf8h8887034"="C:\WINDOWS\system32\mlsdf8h8887034.exe" []
"dior4f43695691"="C:\WINDOWS\system32\dior4f43695691.exe" []
"nlkfev74649652"="C:\WINDOWS\system32\nlkfev74649652.exe" []
"cjnr4r44112275"="C:\WINDOWS\system32\cjnr4r44112275.exe" []
"sklrr7y2746243"="C:\WINDOWS\system32\sklrr7y2746243.exe" []
"mlsdf8h1076759"="C:\WINDOWS\system32\mlsdf8h1076759.exe" []
"cjnr4r43726670"="C:\WINDOWS\system32\cjnr4r43726670.exe" []
"mlsdf8h2532124"="C:\WINDOWS\system32\mlsdf8h2532124.exe" []
"cjnr4r44741090"="C:\WINDOWS\system32\cjnr4r44741090.exe" []
"mlsdf8h7618944"="C:\WINDOWS\system32\mlsdf8h7618944.exe" []
"mlsdf8h8742639"="C:\WINDOWS\system32\mlsdf8h8742639.exe" []
"cjnr4r43416115"="C:\WINDOWS\system32\cjnr4r43416115.exe" []
"cjnr4r47649280"="C:\WINDOWS\system32\cjnr4r47649280.exe" []
"sklrr7y3730863"="C:\WINDOWS\system32\sklrr7y3730863.exe" []
"cjnr4r43236485"="C:\WINDOWS\system32\cjnr4r43236485.exe" []
"dior4f49385346"="C:\WINDOWS\system32\dior4f49385346.exe" []
"sklrr7y6004428"="C:\WINDOWS\system32\sklrr7y6004428.exe" []
"sklrr7y996773"="C:\WINDOWS\system32\sklrr7y996773.exe" []
"sklrr7y1053608"="C:\WINDOWS\system32\sklrr7y1053608.exe" []
"mlsdf8h7611949"="C:\WINDOWS\system32\mlsdf8h7611949.exe" []
"cjnr4r497715"="C:\WINDOWS\system32\cjnr4r497715.exe" []
"A2E1F63A"="C:\WINDOWS\system32\nlkfev77134272.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"troy44"="C:\WINDOWS\troy44.exe" []
"Kernel32_sysdamper"="C:\WINDOWS\system32\drivers\sysdamp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2006 01:32 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/20/2007 04:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\04cg0ryk.dll]
RUNDLL32.EXE 04cg0ryk.dll,b 12805156

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\64 CHIC FAST TRAY]
C:\Documents and Settings\All Users\Application Data\GLOBALDOG64CHIC\Hideamen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Biasheart]
C:\DOCUME~1\User\APPLIC~1\antielse\Onlinebashwin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CU1]
C:\Program Files\Common Files\VCClient\VCClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CU2]
C:\Program Files\Common Files\VCClient\VCMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\httskm]
C:\WINDOWS\system32\httskm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMONTRAY]
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
"C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SP2 Connection Patcher]
"C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
C:\Program Files\webHancer\Programs\whsurvey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsysupd]
C:\windows\winsysupd.exe

*Newly Created Service* - GTNDIS5
*Newly Created Service* - MP32
*Newly Created Service* - XPDX



-- End of Deckard's System Scanner: finished at 2008-01-20 09:37:52 ------------