Old 08-14-2008, 06:02 AM   #5 (permalink)
j_sollars
OS: XP


Re: XP Infected with malware ProgDav and AntiVir XP 2008 fake program

Here is the main.txt file.

Deckard's System Scanner v20071014.68
Run by bthrasher on 2008-08-14 06:57:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 91% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as bthrasher.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:00 AM, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
C:\Program Files\Sharp\Sharpdesk\Indexer.exe
C:\PROGRA~1\Sharp\SHARPD~1\Indexer.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\Sharp\Sharpdesk\FtpServer.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Sharp\Sharpdesk\nsapp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Timeslips\TSTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\bthrasher\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\BTHRAS~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.111.*
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"
O4 - HKLM\..\Run: [Indexer] "C:\Program Files\Sharp\Sharpdesk\Indexer.exe"
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [TypeRegChecker] "C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe"
O4 - HKLM\..\Run: [FtpServer.exe] "C:\Program Files\Sharp\Sharpdesk\FtpServer.exe" -usedefault
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [SymLnch] "C:\DOCUME~1\ADMINI~1.SWL\APPLIC~1\Symantec\Layouts\NORTON~1\1500~1.60\SYMALL~1\NIS_RE~1\90100\Support\SymLnch\SymLnch.exe" "C:\DOCUME~1\ADMINI~1.SWL\APPLIC~1\Symantec\Layouts\NORTON~1\1500~1.60\SYMALL~1\NIS_RE~1\90100\Setup.exe" "/SCANUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [TSTimer] "C:\Program Files\Timeslips\TSTimer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Lookup on CD - c:\AHD4withThesaurus\ahd.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Lookup on CD - {CB9CDC2D-0AB4-4031-A1F7-E9B4070CE521} - c:\AHD4withThesaurus\ahd.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://mail1/ConnectComputer/nshelp.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1121454892203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SWLAW.local
O17 - HKLM\Software\..\Telephony: DomainName = SWLAW.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6BCB16E-816D-4A01-9073-9B0132D8B32F}: NameServer = 192.168.111.10,12.166.24.72,12.166.24.73
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SWLAW.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: cru629.dat??h?5.1,avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 9185 bytes

-- Files created between 2008-07-14 and 2008-08-14 -----------------------------

2008-08-03 17:47:46 0 d-------- C:\Program Files\SpywareBlaster
2008-08-03 16:18:34 0 d-------- C:\Program Files\Panda Security
2008-08-03 16:00:07 0 d-------- C:\Program Files\Trend Micro
2008-07-30 08:12:49 0 d-------- C:\Documents and Settings\proberts\Recent
2008-07-30 08:12:49 0 d-------- C:\Documents and Settings\kwalls\Recent
2008-07-30 08:12:49 0 d-------- C:\Documents and Settings\bthrasher\Recent
2008-07-30 08:12:49 0 d-------- C:\Documents and Settings\bthrasher.BETH\Recent
2008-07-30 08:12:49 0 d-------- C:\Documents and Settings\All Users\Recent
2008-07-30 08:12:49 0 d-------- C:\Documents and Settings\Administrator\Recent
2008-07-30 08:12:49 0 d-------- C:\Documents and Settings\administrator.SWLAW\Recent
2008-07-30 08:12:49 0 d-------- C:\Documents and Settings\__sbs_netsetup__\Recent
2008-07-30 08:11:29 0 d-------- C:\Documents and Settings\proberts\Cookies
2008-07-30 08:11:29 0 d-------- C:\Documents and Settings\kwalls\Cookies
2008-07-30 08:11:29 0 d-------- C:\Documents and Settings\bthrasher.BETH\Cookies
2008-07-30 08:11:29 0 d-------- C:\Documents and Settings\All Users\Cookies
2008-07-30 08:11:29 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-07-30 08:11:29 0 d-------- C:\Documents and Settings\administrator.SWLAW\Cookies
2008-07-30 08:11:29 0 d-------- C:\Documents and Settings\__sbs_netsetup__\Cookies
2008-07-29 19:00:11 0 d-------- C:\Documents and Settings\administrator.SWLAW\Application Data\Lavasoft
2008-07-29 18:52:07 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-29 18:48:54 164 --a------ C:\install.dat
2008-07-29 18:48:24 0 d-------- C:\Program Files\Lavasoft
2008-07-29 18:35:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-07-29 18:35:16 0 d-------- C:\Temp
2008-07-29 18:11:40 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-29 18:11:18 0 d-------- C:\Program Files\Hitman Pro
2008-07-25 09:34:22 0 d--h----- C:\$AVG8.VAULT$
2008-07-25 08:58:38 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-25 08:58:24 0 d-------- C:\Program Files\AVG
2008-07-25 08:58:24 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-25 08:07:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-25 08:04:50 0 d-------- C:\WINDOWS\pss
2008-07-25 08:03:27 0 d-------- C:\Documents and Settings\administrator.SWLAW\Application Data\U3
2008-07-24 19:48:58 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-24 18:31:28 0 d-------- C:\Documents and Settings\administrator.SWLAW\Application Data\Macromedia
2008-07-24 18:13:39 0 d-------- C:\Documents and Settings\administrator.SWLAW\Application Data\rhc5scj0e96j
2008-07-24 16:51:31 0 d-------- C:\Program Files\rhc5scj0e96j
2008-07-24 16:49:09 60928 --a------ C:\WINDOWS\system32\blphc1scj0e96j.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-24 11:05:24 14772 --a------ C:\WINDOWS\otedody.sys
2008-07-24 11:05:24 18165 --a------ C:\WINDOWS\hazupexory.dat
2008-07-24 11:05:24 17564 --a------ C:\Program Files\Common Files\lupynuhum.scr
2008-07-24 11:05:24 19041 --a------ C:\Program Files\Common Files\juhufema.dll
2008-07-24 11:05:24 17878 --a------ C:\Documents and Settings\bthrasher\Application Data\synedere.dat
2008-07-24 11:05:24 10767 --a------ C:\Documents and Settings\bthrasher\Application Data\otisunehe.reg
2008-07-24 11:05:24 10643 --a------ C:\Documents and Settings\bthrasher\Application Data\okypuga.sys
2008-07-24 11:05:24 18494 --a------ C:\Documents and Settings\bthrasher\Application Data\kuwy.com
2008-07-24 11:05:24 19041 --a------ C:\Documents and Settings\All Users\Application Data\yvunezas.sys
2008-07-24 11:05:24 12451 --a------ C:\Documents and Settings\All Users\Application Data\yrovekyq.reg
2008-07-24 11:05:24 12813 --a------ C:\Documents and Settings\All Users\Application Data\yhik.exe
2008-07-24 11:05:24 17374 --a------ C:\Documents and Settings\All Users\Application Data\witicuz.scr
2008-07-24 11:05:24 14175 --a------ C:\Documents and Settings\All Users\Application Data\lovo.com
2008-07-24 11:05:24 14872 --a------ C:\Documents and Settings\All Users\Application Data\kicysuqa.scr
2008-07-15 15:09:21 0 d-------- C:\Program Files\Sun


-- Find3M Report ---------------------------------------------------------------

2008-08-13 17:33:36 0 d-------- C:\Program Files\Messenger
2008-08-12 09:50:45 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-07 12:56:10 0 d-------- C:\Documents and Settings\bthrasher\Application Data\Wal-Mart Digital Photo Manager
2008-07-29 18:48:13 0 d-------- C:\Program Files\Common Files
2008-07-25 08:09:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-24 11:05:24 10923 --a------ C:\Documents and Settings\bthrasher\Application Data\yneco.ban
2008-07-24 11:05:24 15559 --a------ C:\Documents and Settings\bthrasher\Application Data\rymibyd.dl
2008-07-24 11:05:24 11243 --a------ C:\Documents and Settings\bthrasher\Application Data\javofojix.ban
2008-07-15 15:08:25 0 d-------- C:\Program Files\Java
2008-06-05 13:37:21 2528 --a------ C:\Documents and Settings\bthrasher\Application Data\$_hpcst$.hpc
2008-05-15 12:09:57 501438 --a------ C:\Documents and Settings\bthrasher\Application Data\fontlst2.opf


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/26/2004 09:04 AM]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [02/27/2004 12:29 PM]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [05/20/2004 11:40 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [01/07/2004 02:02 PM]
"IndexTray"="C:\Program Files\Sharp\Sharpdesk\IndexTray.exe" [09/14/2004 03:53 PM]
"Indexer"="C:\Program Files\Sharp\Sharpdesk\Indexer.exe" [09/14/2004 03:54 PM]
"SharpTray"="C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" [09/14/2004 04:02 PM]
"TypeRegChecker"="C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe" [09/14/2004 03:55 PM]
"FtpServer.exe"="C:\Program Files\Sharp\Sharpdesk\FtpServer.exe" [09/13/2004 06:07 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/17/2005 08:31 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 03:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 03:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 03:50 PM]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [06/18/2006 02:56 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 06:00 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2008 08:58 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TSTimer"="C:\Program Files\Timeslips\TSTimer.exe" [11/01/2004 04:55 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/18/2007 09:44 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SymLnch"="C:\DOCUME~1\ADMINI~1.SWL\APPLIC~1\Symantec\Layouts\NORTON~1\1500~1.60\SYMALL~1\NIS_RE~1\90100\Support\SymLnch\SymLnch.exe" "C:\DOCUME~1\ADMINI~1.SWL\APPLIC~1\Symantec\Layouts\NORTON~1\1500~1.60\SYMALL~1\NIS_RE~1\90100\Setup.exe" "/SCANUPREBOOT /temp /patched"

C:\Documents and Settings\bthrasher\Start Menu\Programs\Startup\
DESKTOP.INI [8/11/2004 6:15:06 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/11/2004 6:15:06 PM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat??h?5.1,avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rxd38.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-08-14 06:58:45 ------------