Suspected keylogger and more
Hi all,
my XP ThinkPad might be infected by keyloggers and other malware. I just want a "clear" on it, or if it is not clear, I want to clear it. Thanks